SSL Certificate Validation Error in .Net

By Akbar

When working on a .Net project (in Framework 2.0), I was having a hard time connecting to a local secure server that uses a self-signed SSL certificate. When connecting to that server using the HttpWebRequest object, it was throwing the following error:
“The remote certificate is invalid according to the validation procedure”

Looking for a workaround, I found that the simplest method is to ignore this error when in development mode. For this, you first need to define a static global event handler for the SSL certificate validation.

// Required namespaces:
// using System.Net.Security;
// using System.Security.Cryptography.X509Certificates;

// This callback method is used to validate the certificate in an SSL conversation.
// The handler is changed to ignore SSL certificate errors in development mode.
private static bool ValidateCertificateCallback(object sender, X509Certificate certificate,
                                                X509Chain chain, SslPolicyErrors policyErrors)
{
	// When running in development mode, ignore all types of SSL connection errors
	if (System.Configuration.ConfigurationManager.AppSettings["developMode"] == "true")
		return true;
	else
		// Return true only if there are no SSL policy errors
		return policyErrors == SslPolicyErrors.None;
}

The extra check here makes sure that we do this only in development mode (based on configuration). Next, you need to change your HTTP request get/post code to something like this:

// Required namespaces:
// using System.Net;
// using System.Net.Security;

// Register a callback function to listen for all the SSL certificate errors (for push completion notification)
RemoteCertificateValidationCallback callbackHandler = new RemoteCertificateValidationCallback(ValidateCertificateCallback);
ServicePointManager.ServerCertificateValidationCallback += callbackHandler;

try
{
	// HTTP Get/Post request code goes here
}
catch (Exception exc)
{
	// Handle any other exceptions gracefully
}
finally
{
	// The SSL certificate validation callback is global, so remove it as soon as the push notification is sent
	// to avoid conflicts with other HTTPS connections
	ServicePointManager.ServerCertificateValidationCallback -= callbackHandler;
}

This should ignore all your certificate-related errors when running the application in development mode (where the System.Configuration.ConfigurationManager.AppSettings["developMode"] configuration is true).

Just a reminder: Please remember to do this only in development mode. Ignoring SSL certificate errors in a production application is a serious blunder, and it might put you in serious trouble when not used carefully. So, know what you are doing, and implement this at your own risk.
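A narrower variant of the callback, added here as an example and not part of the original post: instead of accepting every certificate in development mode, it accepts only the development server's own self-signed certificate, matched by host name and SHA-1 thumbprint. The appSettings keys devServerHost and devCertThumbprint and the class name are hypothetical; developMode is the key used above.

```csharp
using System;
using System.Configuration;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePinning
{
    // Hypothetical appSettings keys (assumptions, not from the original post):
    //   devServerHost     - host name of the local development server
    //   devCertThumbprint - SHA-1 thumbprint of its self-signed certificate
    public static bool ValidateCertificateCallback(object sender, X509Certificate certificate,
                                                   X509Chain chain, SslPolicyErrors policyErrors)
    {
        // A certificate that validates normally is always accepted.
        if (policyErrors == SslPolicyErrors.None)
            return true;

        // Outside development mode, every validation error is fatal.
        if (ConfigurationManager.AppSettings["developMode"] != "true")
            return false;

        // The callback is global, so limit the exception to the dev server.
        // The sender is either the WebRequest or the host name string.
        string host = sender as string;
        HttpWebRequest request = sender as HttpWebRequest;
        if (request != null)
            host = request.Address.Host;
        string devHost = ConfigurationManager.AppSettings["devServerHost"];
        if (string.IsNullOrEmpty(host) || string.IsNullOrEmpty(devHost) ||
            !string.Equals(host, devHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept only the one certificate whose thumbprint is configured.
        string expected = Normalize(ConfigurationManager.AppSettings["devCertThumbprint"]);
        if (certificate == null || expected.Length == 0)
            return false;
        return string.Equals(certificate.GetCertHashString(), expected,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Strip the spaces and colons that certificate viewers put in thumbprints.
    private static string Normalize(string thumbprint)
    {
        if (thumbprint == null) return string.Empty;
        return thumbprint.Replace(" ", "").Replace(":", "").Trim();
    }
}
```

It registers and unregisters exactly like the handler above; a missing or empty thumbprint setting makes it reject rather than accept.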
