Geek Answers Handbook

How to add a trusted CA certificate (NOT a client certificate) to HttpWebRequest?

I wrote a program in C # that uses HttpWebRequestHTTPS to connect to the site. The method GetResponse()throws an exception:

SystemError: The underlying connection was closed: Failed to establish trust for the SSL / TLS secure channel.

I can connect to the same website using curl.exe --cacert CAFile.pem. I would like to be able to use the same trusted CA certificates from a C # program.

How can I get HttpWebRequestto use this CA certificate file (or tag X509CertificateCollectioncontaining parsing)?

+5
source share
2 answers

ServerCertificateValidationCallback, :

public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
    return true;

    X509Chain privateChain = new X509Chain();
    privateChain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;

    X509Certificate2 cert2 = new X509Certificate2(certificate);
    X509Certificate2 signerCert2 = new X509Certificate2(@"C:\MyCACert.PEM");

    privateChain.ChainPolicy.ExtraStore.Add(signerCert2);       
    privateChain.Build(cert2);

    bool isValid = true;

    foreach (X509ChainStatus chainStatus in privateChain.ChainStatus)
    {
        if (chainStatus.Status != X509ChainStatusFlags.NoError)
        {
            isValid = false;
            break;
        }
    }

    return isValid;
}

, , - , .

+6

, ICertificatePolicy :

private X509CertificateCollection   _certs;
private ICertificatePolicy          _defaultPolicy;

public bool CheckValidationResult(ServicePoint svcPoint, X509Certificate cert, WebRequest req, int problem)
{
    if ((_defaultPolicy != null) && _defaultPolicy.CheckValidationResult(svcPoint, cert, req, problem))
    {
        return true;
    }

    foreach (X509Certificate caCert in _certs)
    {
        if (caCert.Equals(cert))
        {
            return true;
        }
    }

    return false;
}

( .)

_defaultPolicy ServicePointManager.CertificatePolicy, .

_certs (). PEM _certs.Add(new X509Certificate(Convert.FromBase64String(base64cert)));

CertificatePolicy ServerCertificateValidationCallback, .NET.

+1

More articles:


All Articles