Tip #41: Did you know... establishing a remote connection to an IIS server with a self-issued certificate will require a certificate validation delegate?

Whether you connect through WMSvc or through your own script, whenever you establish a connection with a remote server that doesn't provide a trusted certificate, you need to supply a delegate for the certificate validation check so that the untrusted certificate can be validated.

The signature for this delegate is as follows:

Namespace: System.Net.Security
Assembly:  System (in System.dll)

public delegate bool RemoteCertificateValidationCallback(
    Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors
)

Thus, to accept ALL server certificates, set the ServerCertificateValidationCallback of ServicePointManager to a callback that always returns true, in the following manner:

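// Register the callback; the name must match the method defined below.
ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallbackFlag;

// Accepts every server certificate, whatever sslPolicyErrors reports.
bool RemoteCertificateValidationCallbackFlag(
    Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors
)
{
    return true;
}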
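
A narrower alternative to the accept-all callback above, given here as an added example that is not code from the original post: the callback accepts a certificate with validation errors only when its SHA-256 hash matches one recorded for your server. The class name, method names and the `ExpectedSha256` placeholder are assumptions for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidation   // hypothetical name
{
    // Placeholder: SHA-256 of the server's DER-encoded certificate, as hex,
    // copied from the server out of band. Not a value from the original post.
    const string ExpectedSha256 = "<SHA256-HEX-OF-YOUR-SERVER-CERTIFICATE>";

    public static void Install()
    {
        // Static property: shared by all ServicePointManager-based
        // connections in the AppDomain, not just one request.
        ServicePointManager.ServerCertificateValidationCallback = ValidatePinned;
    }

    static bool ValidatePinned(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that already chains to a trusted root needs no exception.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: nothing to pin against.
        if (certificate == null ||
            (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // Chain and name errors are expected for a self-issued certificate;
        // accept only if it is exactly the certificate we recorded.
        using (SHA256 sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, ExpectedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

Until the placeholder is replaced with a real hash, the callback rejects every untrusted certificate, so a forgotten configuration step fails closed.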

For the official MSDN documentation on this delegate, refer to RemoteCertificateValidationCallback Delegate and ServicePointManager.ServerCertificateValidationCallback Property.

Kateryna Rohonyan
SDET, IIS Team

Posted: Sunday, January 04, 2009 10:07 PM by WebDevTools

Comments

Dan said:

What's the difference between remotecertificatevalidationcallbackflag and a version in VB:

ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCert)

Private Function ValidateCert(ByVal sender As Object, _
    ByVal cert As X509Certificate, _
    ByVal chain As X509Chain, _
    ByVal sslErrors As SslPolicyErrors) As Boolean
  Return True
End Function

Not sure why/how your "flag" reference is different?

# January 6, 2009 12:20 PM

Kateryna said:

I just named it this way, to show that my client will accept ALL certificates from the server it is trying to talk to. It is your custom delegate callback function of type RemoteCertificateValidationCallback.

# January 6, 2009 4:26 PM

Kateryna's Blog said:

This article is meant to provide a quick reference troubleshooting guide to help with the most frequently

# June 5, 2009 12:29 PM