?
Solved

How to accept ssl cert automatically through httpRequest?

Posted on 2009-04-07
9
Medium Priority
?
3,422 Views
Last Modified: 2013-12-17
Hi

I use the code to get the xml return from a web service.

It throws exception:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

How can I code it in VC# to automatically accept the cert?

I use ASP.NET and C#.

WebRequest request = WebRequest.Create(url);
WebResponse response = request.GetResponse();

Open in new window

0
Comment
Question by:techques
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094356
If the SSL certificate is not valid it will throw the error. You can override the Certificate Check by using following code.
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);
 
private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
        {
            if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
            {
 
                return true;
 
            }
 
            return false;
 
        }

Open in new window

0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094364
I have did a validation check to bypass the certificate only from a desired server. If you want to enable all certificates, just ignore the conditions. The value for the certificate validation can be obtained from your certificate properties.
0
 

Author Comment

by:techques
ID: 24094372
The type or namespace name 'X509Certificate' could not be found (are you missing a using directive or an assembly reference?)
0
TCP/IP Network Protocol Cheat Sheet

TCP/IP is a set of network protocols which is best known for connecting the machines that make up the Internet. The truth is that TCP/IP is one of the oldest network protocols and its survival is mainly based on its simplicity and universality.

 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094598
please include

using System.Security.Cryptography.X509Certificates;
0
 

Author Comment

by:techques
ID: 24094738
yes, i included using System.Security.Cryptography.X509Certificates;

The type or namespace name 'SslPolicyErrors' could not be found

0
 

Author Comment

by:techques
ID: 24094891
I added
using System.Net.Security and it can compile. However, when I run your code, it throws the same error:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

It did not bypass the cert.
0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094927
Can you please post the code?
0
 

Author Comment

by:techques
ID: 24095010
Here is the code:

string h = "https://Hostmachine/csdb/servlet/Check?MSISDN="+me+"&Username=username&Password=password";

was tested with real ip, username and password
    private string Check(string me)
    {
        string h = "https://Hostmachine/servlet/Check?MSISDN="+me+"&Username=username&Password=password";
        ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);
 
        WebRequest request = WebRequest.Create(h);
        WebResponse response = request.GetResponse();
 
        Stream s = response.GetResponseStream();
        StreamReader sreader = new StreamReader(s);
        String str = sreader.ReadToEnd();
        XmlDocument doc = new XmlDocument();
        doc.LoadXml(str);
        XmlNode node = doc.SelectSingleNode("//sourcecode");
        string str_code = node.InnerText;
        string str_num = "";
 
        if (str_code.Equals("500"))
        {
            str_num = "505";
        }
        return str_num;
    }
 
    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

Open in new window

0
 
LVL 14

Accepted Solution

by:
GiftsonDJohn earned 150 total points
ID: 24095100
Okay here is the problem.

 private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

the cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx") should match your certificate signature. else ignore the condition. simply use

private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {      
            return true;    
    }

0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question