SSL Certificate Validation Error in .Net
When working on a .Net project (in Framework 2.0), I was having a hard time connecting with the local secure server using the self-signed SSL certificate. When connecting to that server using the HttpWebRequest object, it was throwing the following error:
“The remote certificate is invalid according to the validation procedure”
Looking for a workaround, I found that the simplest method is to ignore this error when in development mode. To do this, first define a static global event handler for SSL certificate validation.
```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// This callback method is used to validate the certificate in an SSL conversation.
// Changed the handler to ignore SSL certificate errors in development mode.
private static bool ValidateCertificateCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors)
{
    // When running in developer mode, ignore all types of SSL connection errors
    if (System.Configuration.ConfigurationManager.AppSettings["developMode"] == "true")
        return true;
    else
        // Return true only if there are no SSL policy errors
        return policyErrors == SslPolicyErrors.None;
}
```
The extra check here makes sure that we do this only in development mode (based on configuration). Next, change your HTTP request get/post code to something like this:
```csharp
// Requires: using System.Net; using System.Net.Security;

// Register a callback function to listen for all the SSL certificate errors (for push completion notification)
RemoteCertificateValidationCallback callbackHandler = new RemoteCertificateValidationCallback(ValidateCertificateCallback);
ServicePointManager.ServerCertificateValidationCallback += callbackHandler;

try
{
    // HTTP Get/Post request code goes here
}
catch (Exception exc)
{
    // Handle any other exceptions gracefully
}
finally
{
    // The SSL certificate handler callback is global, so remove it as soon as the push notification
    // is sent to avoid conflict with other HTTPS connections
    ServicePointManager.ServerCertificateValidationCallback -= callbackHandler;
}
```
This should ignore all certificate-related errors when the application runs in development mode (where the System.Configuration.ConfigurationManager.AppSettings["developMode"] setting is "true").
Just a reminder: Please remember to do this only in development mode. Ignoring SSL certificate errors in a production application is a serious blunder and can put you in serious trouble if not used carefully. So, know what you are doing, and implement this at your own risk.
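A narrower variant of the development-mode callback, added here as an example (it is not code from the original post): instead of accepting every certificate, it accepts only the development server's own self-signed certificate, matched by thumbprint. The class name and the `devCertHost` and `devCertThumbprint` settings are assumptions made for this example.

```csharp
using System;
using System.Configuration;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePinning   // hypothetical class name
{
    // Assumed appSettings keys (not part of the original post):
    //   devCertHost       - host name of the local development server
    //   devCertThumbprint - SHA-1 thumbprint (hex) of its self-signed certificate
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors policyErrors)
    {
        // A certificate that passes normal validation is always accepted.
        if (policyErrors == SslPolicyErrors.None)
            return true;

        // Outside development mode, never override a validation failure.
        if (ConfigurationManager.AppSettings["developMode"] != "true")
            return false;

        // The callback is process-wide, so relax validation only for the dev host.
        // For HttpWebRequest connections on .NET Framework the sender is the request.
        HttpWebRequest request = sender as HttpWebRequest;
        string devHost = ConfigurationManager.AppSettings["devCertHost"];
        if (request == null || string.IsNullOrEmpty(devHost) ||
            !string.Equals(request.Address.Host, devHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Accept the failing certificate only if it is exactly the known
        // self-signed one; any other certificate is still rejected.
        string pinned = ConfigurationManager.AppSettings["devCertThumbprint"];
        if (certificate == null || string.IsNullOrEmpty(pinned))
            return false;
        pinned = pinned.Replace(" ", "").Replace(":", "");
        return string.Equals(certificate.GetCertHashString(), pinned,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Register it the same way as the handler above, with `new RemoteCertificateValidationCallback(DevCertificatePinning.Validate)`. If the two extra settings are missing, the callback rejects every certificate that fails validation, even when `developMode` is "true".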
Tags: .Net, Certificate, SSL, Validation
This entry was posted on Tuesday, July 17th, 2012 at 9:04 pm and is filed under ASP.Net.
Very insightful blog on site security with ssl. Thanks, I really walked away more enlightened than before. ssl wildcard digital certs can secure many subdomains is something I recently acquired.
Thanks for very useful workaround. BTW, ‘Just a reminder’ sounds like a serious warning. Keep posting the awesome bits.