<serviceCertificate findValue="MyLocalHost" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
Then, following the steps here: http://msdn.microsoft.com/en-us/library/ms733813.aspx I created a self-signed certificate to add to the root and a certificate to use for my service.
I then tried to bring up the service's help page and I got this error:
The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key.
Doing some searching I found that you need to use winhttpCertCfg to give permissions to the process account. I also found that this tool is deprecated in Vista. It may or may not work but I wanted to figure out how to get this to work.
The suggested method was to use the MMC snap-in to manage private keys. You need to right-click on the certificate and there should be a "Manage Private Keys" option under All Tasks, but it was there for me.
After some more digging I found you need to create the certificate for exchange. The following command worked:
makecert -sk SignedByCA -iv c:\OutCert.pvk -n "CN=MyLocalHost" -ic c:\OutCert.cer -sr LocalMachine -ss My -sky exchange -pe
The thing I left off was -sky exchange.
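To check both conditions named in the first error (an exchange-capable key, and access rights for the process account), here is an added PowerShell example; it is not from the original post. It assumes the certificate subject CN=MyLocalHost used above, a CSP-backed RSA key as makecert produces, and a placeholder service account name.

```powershell
# Added example: verify that a certificate in LocalMachine\My is usable by WCF.
# Assumptions: CSP-backed RSA key (as created by makecert); the service
# account below is a placeholder for whatever identity hosts the service.
param(
    [string]$Subject = 'CN=MyLocalHost',
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE',  # placeholder
    [switch]$GrantRead
)

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject } |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject '$Subject' in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key' }

# A null result here means the key is not CSP-backed or this account cannot open it
$rsa = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider]
if (-not $rsa) { throw 'Private key is not CSP-backed or not readable; run elevated' }

$info = $rsa.CspKeyContainerInfo
# Without "-sky exchange" makecert creates a Signature key, which WCF rejects
if ($info.KeyNumber -ne [System.Security.Cryptography.KeyNumber]::Exchange) {
    Write-Warning "Key type is $($info.KeyNumber); WCF needs Exchange"
}

# CSP machine keys are stored as files in this directory
$keyFile = Join-Path $env:ProgramData `
    "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
$acl = Get-Acl -Path $keyFile

# Show who can currently read the private key file
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType

if ($GrantRead) {
    # Grant read-only access to the service identity, nothing broader
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $ServiceAccount, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
}
```

Run it from an elevated prompt; pass -GrantRead only after confirming the listed ACL does not already include the service identity.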
The next error I ran into was:
The X.509 certificate CN=MyLocalHost chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The revocation function was unable to check revocation for the certificate.
To resolve this you need to do what it says (of course the trick is finding where to change this setting). Add the following behavior to your client code: