Solved

How to accept ssl cert automatically through httpRequest?

Posted on 2009-04-07
Last Modified: 2013-12-17
Hi

I use the code to get the xml return from a web service.

It throws exception:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

How can I code it in VC# to automatically accept the cert?

I use ASP.NET and C#.

    WebRequest request = WebRequest.Create(url);
    WebResponse response = request.GetResponse();

Question by:techques

Expert Comment

by:GiftsonDJohn
If the SSL certificate is not valid, it will throw the error. You can override the certificate check by using the following code.

    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);

    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        // Accept the certificate only when its subject matches the expected server.
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }


Expert Comment

by:GiftsonDJohn
I did a validation check to bypass the certificate only from a desired server. If you want to enable all certificates, just ignore the conditions. The value for the certificate validation can be obtained from your certificate properties.

Author Comment

by:techques
The type or namespace name 'X509Certificate' could not be found (are you missing a using directive or an assembly reference?)

Expert Comment

by:GiftsonDJohn
Please include

using System.Security.Cryptography.X509Certificates;

Author Comment

by:techques
Yes, I included using System.Security.Cryptography.X509Certificates;

The type or namespace name 'SslPolicyErrors' could not be found


Author Comment

by:techques
I added using System.Net.Security and it can compile. However, when I run your code, it throws the same error:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

It did not bypass the cert.

Expert Comment

by:GiftsonDJohn
Can you please post the code?

Author Comment

by:techques
Here is the code:

string h = "https://Hostmachine/csdb/servlet/Check?MSISDN="+me+"&Username=username&Password=password";

Was tested with real IP, username and password.
    private string Check(string me)
    {
        string h = "https://Hostmachine/servlet/Check?MSISDN="+me+"&Username=username&Password=password";
        ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);

        WebRequest request = WebRequest.Create(h);
        WebResponse response = request.GetResponse();

        Stream s = response.GetResponseStream();
        StreamReader sreader = new StreamReader(s);
        String str = sreader.ReadToEnd();
        XmlDocument doc = new XmlDocument();
        doc.LoadXml(str);
        XmlNode node = doc.SelectSingleNode("//sourcecode");
        string str_code = node.InnerText;
        string str_num = "";

        if (str_code.Equals("500"))
        {
            str_num = "505";
        }
        return str_num;
    }

    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

Accepted Solution

by:GiftsonDJohn

Okay, here is the problem.

    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

The cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx") should match your certificate signature. Else ignore the condition. Simply use

    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        return true;
    }
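
A callback that returns true for every certificate trusts any server able to intercept the connection, and registering it on ServicePointManager applies that to every HTTPS request in the process. As an added example (not part of the thread or the posters' code), the code below keeps normal validation, waives only a chain-trust failure for one certificate pinned by its SHA-256 hash, and attaches the callback to the single request through HttpWebRequest.ServerCertificateValidationCallback (.NET Framework 4.5 and later). PinnedClient, ValidatePinned, Get and the PinnedSha256 placeholder are hypothetical names.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedClient
{
    // Placeholder (assumption): SHA-256 of the server certificate's DER bytes as
    // hex, obtained out of band from the service owner. Until it is replaced,
    // no untrusted certificate matches, so the check fails closed.
    const string PinnedSha256 = "REPLACE_WITH_EXPECTED_CERTIFICATE_SHA256_HEX";

    // Accepts a certificate if default validation passed, or if it is exactly
    // the pinned certificate and the only problem reported is chain trust.
    public static bool ValidatePinned(object sender, X509Certificate cert,
                                      X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;
        // A name mismatch or a missing certificate is never waived, alone or
        // combined with chain errors.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        using (SHA256 sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(cert.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    public static string Get(string url)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        // Per-request hook: other HTTPS calls keep the default validation.
        request.ServerCertificateValidationCallback = ValidatePinned;
        using (WebResponse response = request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            return reader.ReadToEnd();
        }
    }
}
```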
