Solved

How to accept ssl cert automatically through httpRequest?

Posted on 2009-04-07
9
3,399 Views
Last Modified: 2013-12-17
Hi

I use the code to get the xml return from a web service.

It throws exception:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

How can I code it in VC# to automatically accept the cert?

I use ASP.NET and C#.

WebRequest request = WebRequest.Create(url);
WebResponse response = request.GetResponse();

Open in new window

0
Comment
Question by:techques
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094356
If the SSL certificate is not valid it will throw the error. You can override the Certificate Check by using following code.
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);
 
private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
        {
            if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
            {
 
                return true;
 
            }
 
            return false;
 
        }

Open in new window

0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094364
I have did a validation check to bypass the certificate only from a desired server. If you want to enable all certificates, just ignore the conditions. The value for the certificate validation can be obtained from your certificate properties.
0
 

Author Comment

by:techques
ID: 24094372
The type or namespace name 'X509Certificate' could not be found (are you missing a using directive or an assembly reference?)
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094598
please include

using System.Security.Cryptography.X509Certificates;
0
 

Author Comment

by:techques
ID: 24094738
yes, i included using System.Security.Cryptography.X509Certificates;

The type or namespace name 'SslPolicyErrors' could not be found

0
 

Author Comment

by:techques
ID: 24094891
I added
using System.Net.Security and it can compile. However, when I run your code, it throws the same error:

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

It did not bypass the cert.
0
 
LVL 14

Expert Comment

by:GiftsonDJohn
ID: 24094927
Can you please post the code?
0
 

Author Comment

by:techques
ID: 24095010
Here is the code:

string h = "https://Hostmachine/csdb/servlet/Check?MSISDN="+me+"&Username=username&Password=password";

was tested with real ip, username and password
    private string Check(string me)
    {
        string h = "https://Hostmachine/servlet/Check?MSISDN="+me+"&Username=username&Password=password";
        ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(CheckServerCertificateValid);
 
        WebRequest request = WebRequest.Create(h);
        WebResponse response = request.GetResponse();
 
        Stream s = response.GetResponseStream();
        StreamReader sreader = new StreamReader(s);
        String str = sreader.ReadToEnd();
        XmlDocument doc = new XmlDocument();
        doc.LoadXml(str);
        XmlNode node = doc.SelectSingleNode("//sourcecode");
        string str_code = node.InnerText;
        string str_num = "";
 
        if (str_code.Equals("500"))
        {
            str_num = "505";
        }
        return str_num;
    }
 
    private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

Open in new window

0
 
LVL 14

Accepted Solution

by:
GiftsonDJohn earned 50 total points
ID: 24095100
Okay here is the problem.

 private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx"))
        {
            return true;
        }
        return false;
    }

the cert.Subject.Equals("CN=xxxx, OU=xxxx, O=xxxx, L=xxxx, S=xx, C=xx") should match your certificate signature. else ignore the condition. simply use

private static bool CheckServerCertificateValid(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {      
            return true;    
    }

0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question