Exposing endpoint on port 443 as https

Feb 24, 2009 at 2:52 AM
I have an endpoint that is currently exposed in MSE on port 443. I can navigate fine when I add the port to the end of the host name (e.g. http://services.server.com:443/endpoint). However we need our end users to be able to go to https://services.server.com/endpoint when using the service. Right now, using "https" does not work.

What can be done for this change?

Feb 24, 2009 at 6:39 PM
You'll need to make sure the binding you are using is configured with transport security.  This also requires making sure the cert the endpoint uses has been registered for use as an SSL cert.  The security guide has some information about transport security and links to how you setup the certs properly.
Mar 6, 2009 at 3:07 PM
Edited Mar 6, 2009 at 3:08 PM
I modified my binding using transport security and we had a certificate generated  and registered on our runtime server hosting the endpoint. We verified the certificate store location and store name and value are correct.

The endpoint is exposed in MSE as https now, but the the service page is not coming up when browsing to it. We are not finding any errors in the MSE Service log regarding this.

The customer policy I am using is the Microsoft.MSE.Behaviors.Security assembly from CodePlex. I did not see anything about the 'httpsGetEnabled' property in the documentation or code for this. Does this still need to be set to true for Transport Security; and if it does, wouldn't it need to be in the custome behavior?
Mar 6, 2009 at 3:40 PM
Take a look at Issue # 6515 (http://servicesengine.codeplex.com/WorkItem/View.aspx?WorkItemId=6515).  This explains the common problem people experience and a known issue with the MSE.  If you have a policy on your endpoint (for example Enable ServiceDebug) then the HttpsGet metadata address will be setup correctly and you ought to be able to access the default WCF service page by using HTTPS rather than HTTP.

If you don't have a policy you should see a couple errors in the event log as 6515 mentions.  The fix is to add some sort of policy.  Your best bet is probably to create a policy with the following configuration for the ServiceMetadataPublishingElement:


wcf:ServiceMetadataPublishingElement HttpsGetEnabled="true" HttpsGetUrl="/" xmlns:wcf="clr-namespace:System.ServiceModel.Configuration;assembly=System.ServiceModel"></wcf:ServiceMetadataPublishingElement>


If you are using Feb 09 release the above example represents a Policy Assertion.