Solved

How to accept ssl cert automatically through httpRequest?

Posted on 2009-04-07
9
3,367 Views
Last Modified: 2013-12-17
Hi

I use the code to get the xml return from a web service.

It throws exception:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

How can I code it in VC# to automatically accept the cert?

I use ASP.NET and C#.

WebRequest request = WebRequest.Create(url);

WebResponse response = request.GetResponse();

Open in new window

0
Comment
Question by:techques
  • 5
  • 4
9 Comments
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094356
If the SSL certificate is not valid it will throw the error. You can override the Certificate Check by using following code.
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);
 

private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)

        {

            if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))

            {
 

                return true;
 

            }
 

            return false;
 

        }

Open in new window

0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094364
I have did a validation check to bypass the certificate only from a desired server. If you want to enable all certificates, just ignore the conditions. The value for the certificate validation can be obtained from your certificate properties.
0
 

Author Comment

by:techques
ID: 24094372
The type or namespace name 'X509Certificate' could not be found (are you missing a using directive or an assembly reference?)
0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094598
please include

using System.Security.Cryptography.X509Certificates;
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:techques
ID: 24094738
yes, i included using System.Security.Cryptography.X509Certificates;

The type or namespace name 'SslPolicyErrors' could not be found

0
 

Author Comment

by:techques
ID: 24094891
I added
using System.Net.Security and it can compile. However, when I run your code, it throws the same error:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

It did not bypass the cert.
0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094927
Can you please post the code?
0
 

Author Comment

by:techques
ID: 24095010
Here is the code:

string h = "https://Hostmachine/csdb/servlet/Check?MSISDN="+me+"&Username=username&Password=password";

was tested with real ip, username and password
    private string Check(string me)

    {

        string h = "https://Hostmachine/servlet/Check?MSISDN="+me+"&Username=username&Password=password";

        ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);
 

        WebRequest request = WebRequest.Create(h);

        WebResponse response = request.GetResponse();
 

        Stream s = response.GetResponseStream();

        StreamReader sreader = new StreamReader(s);

        String str = sreader.ReadToEnd();

        XmlDocument doc = new XmlDocument();

        doc.LoadXml(str);

        XmlNode node = doc.SelectSingleNode("//sourcecode");

        string str_code = node.InnerText;

        string str_num = "";
 

        if (str_code.Equals("500"))

        {

            str_num = "505";

        }

        return str_num;

    }
 

    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)

    {

        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))

        {

            return true;

        }

        return false;

    }

Open in new window

0
 
LVL 14

Accepted Solution

by:
GiftsonDJohn earned 50 total points
ID: 24095100
Okay here is the problem.

 private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

the cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx") should match your certificate signature. else ignore the condition. simply use

private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {      
            return true;    
    }

0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now