Do WCF clients/servers check certificate's

Hopefully the following questions will make some sense

Assume browser A wants to establish a SSL connection with web server B located at url www.xyz.com. When establishing a connection with B, A receives from the other end a X.509 certificate C. When A receives B's certificate, it checks certificate's CN field to match server B's hostname with domain name specified in certificate's CN field ( this matching is done by the browser and not by the underlying SSL connection). If B's hostname doesn't match with domain www.xyz.com, then A rejects the connection.

a) When WCF client receives a certificate C from a WCF service, does it also check C's CN field to match server's hostname with with domain name specified in CN field?

b) And vice-versa - When WCF service r开发者_StackOverflow中文版eceives a certificate C from a WCF client, does it also check C's CN field to match client's hostname with with domain name specified in CN field?

c) If answer to the above questions is yes, then I fail to see how we can use self-signing certificates SSC with WCF, since to my knowledge SSC's CN field value doesn't match the hostname of a SSC's owner

thank you

You are correct that a self-signed (root) certificate does not often have a common name that matches a host name, although it is definitely possible, but you can use that self-signed certificate to issue a certificate with the common name that you need, eg. a host name.

Take a look at this MSDN entry: http://msdn.microsoft.com/en-us/library/ms733768.aspx