SSL Certificate Validation Error in .Net
When working on a .Net project (in Frame 2.0), I was having a hard time connecting with the local secure server using the self signed SSL certificate. When connecting to that server using the HttpWebRequest object, it was throwing the following error:
“The remote certificate is invalid according to the validation procedure”
Looking for the workaround, I found that the simplest method for this is to ignore this error when in development mode. For this, first you need to define a static global event handler for the SSL certificate validation.
// This callback method is used to validate the certificate in an SSL conversation
// Changed the handle to ignore the SSL Certificate errors in the development mode.
private static bool ValidateCertificateCallback(object sender, X509Certificate certificate,
X509Chain chain, SslPolicyErrors policyErrors)
{
// When running the developer mode, ignore all type of SSL connection error
if (System.Configuration.ConfigurationManager.AppSettings["developMode"] == "true")
return true;
else
// Return true only if there are no SSL Policy errors
return policyErrors == SslPolicyErrors.None;
}
The extra check here make sure that we do this only in the development mode (based on configuration). Next you need to change your HTTP request get/post object code to something like this:
// Register a callback function to listen for all the SSL certificate errors (for push completion notification)
RemoteCertificateValidationCallback callbackHandler = new RemoteCertificateValidationCallback(ValidateCertificateCallback);
ServicePointManager.ServerCertificateValidationCallback += callbackHandler;
try
{
// HTTP Get/Post request code goes here
}
catch (Exception exc)
{
// Handle any other exceptions gracefully
}
finally
{
// As the SSL certificate handler callback is global, so remove it as soon as push notification is sent to avoid
// conflict with other HTTPS connections
ServicePointManager.ServerCertificateValidationCallback -= callbackHandler;
}
This should ignore all your certificate related errors when running the application in the development mode (where System.Configuration.ConfigurationManager.AppSettings[“developMode”] configuration is true).
Just a reminder: Please remember to do this only in the development mode. Ignoring SSL certificate error in the production application is a serious blunder and this might put you in serious trouble when not carefully used. So, know what you are doing, and implement this at your own risk.
Tags: .Net, Certificate, SSL, Validation
This entry was posted
on Tuesday, July 17th, 2012 at 9:04 pm and is filed under ASP.Net.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Very insightful blog on site security with ssl. Thanks, I really walked away more enlightened than before. ssl wildcard digital certs can secure many subdomains is something I recently acquired.
Thanks for very useful workaround. BTW, ‘Just a reminder’ sounds like a serious warning. Keep posting the awesome bits.