Hey guys, I'm busy with developing a new WCF Web Service that will be hosting data to two known web applications that are hosted on different servers/domains. I don't know how exactly it works but the idea I have is to provide each (trusted) client with a certificate so that I my Webservice can recognize the applications and provides them with requested data. Following article explains how it's done : Using Certificate-based Authentication and Protection with Windows Communication Foundation (WCF) The article above suggests using MakeCert.Exe utility to generate certificates for both server an clients however this article about MakeCert.Exe states that it should only be used for test purposes. So my questions are: - Do I really need to acquire a authority signed certificates for what I'm trying to achieve? - If not, what are the other options? Thanks in advance, Regards, Ayhan BTW: As you may have already noticed, I'm clueless when it comes to administration/infrastructure. Please consider when answering. still a lot to learn...

· You are going to use IIS to publish you app then you have two options. 1. Use a PKI structure internally and get both certificates from a Root CA in the local domain. (Certificate request can be created in IIS and then a certificate can be issue to that request by a CA) This a practice option for a low cost deployment. 2. You can get a third part server side certificate and have client certificates issued as needed by the same third party. I would personally choose the first option as it is easy administration and revocation of certificates would be quicker if needed. MCSE | MCITP - Server 2008 | MCITP - Exchange 2007 | MCTS - Exchange 2010