How to accept a self-signed SSL certificate in a WCF client?

This might be a dumb question, but I just can't find the answer.

What I would like to do: I have a WCF service hosted by IIS. It works fine, I can access wsdl, I have a self-signed certificate for the server, etc. I would like to call this service with a WPF client.

The problem is that since I have a self-signed certificate, I get the following exception when calling the service: Failed to establish trust relationships for the SSL / TLS secure channel with the localhost authority.

If I access the site (or service) from the browser, this is not a problem, because the browser warns me about the certificate and gives me the opportunity to view the page in any case. But the WPF client just throws an exception.

I don’t want to completely disable the authentication process, I just wanted to give users the opportunity to ignore this warning (as browsers do).

Can anyone provide some code for this? If you have come across a good, detailed guide on this, that would also be awesome. (See, my problem with the tutorials I found is the lack of details.)

+8
iis-7 ssl-certificate wpf wcf
2 answers

You can register the certificate yourself. If you also upload the certificate to the client and then register it as trusted, you should not receive this warning.

You need to find the X509CertificateCollection and add the certificate to this collection. I had such a problem when SmtpClient was working over SSL.

By hooking System.Net.ServicePointManager.ServerCertificateValidationCallback, or by implementing System.Net.ICertificatePolicy, and defining my own installed certificate as valid/trusted (attached to System.Net.ServicePointManager.CertificatePolicy).

This is not WCF material in itself, but from what I can tell, it should also translate to WCF. It all depends on what WCF uses under the hood.

+6

Here is the minimum amount of code the WCF client needs in order to accept an arbitrary certificate. This is not safe. Use only for testing. Do not blame me if this code goes berserk and eats your little kitten.

    ServicePointManager.ServerCertificateValidationCallback +=
        new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

Callback:

    bool EasyCertCheck(object sender, X509Certificate cert,
                       X509Chain chain, System.Net.Security.SslPolicyErrors error)
    {
        return true;
    }

The code is shamelessly taken from the least useful answer to "Is it possible to force the WCF test client to accept a self-signed certificate?"

+12
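
A stricter variant of the callback above, following the first answer's idea of treating one known certificate as trusted. This is an added example, not code from either answer. It assumes .NET Framework 4.7.2 or later (for CertificateRequest); PinnedCertValidation, PinnedCertCheck, Fingerprint, PinnedSha256 and MakeSelfSigned are hypothetical names, and the certificates in Main are constructed test input.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertValidation
{
    // Assumption: SHA-256 fingerprint (hex) of the service's self-signed certificate,
    // obtained out of band. Placeholder; Main() below overwrites it for the demo.
    public static string PinnedSha256 = "<SHA256-FINGERPRINT-HEX>";

    public static string Fingerprint(X509Certificate cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    // Same signature as EasyCertCheck. A certificate that fails validation is accepted
    // only if the chain is the sole failure (so a host name mismatch is still rejected)
    // and it is exactly the pinned certificate.
    public static bool PinnedCertCheck(object sender, X509Certificate cert,
                                       X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // trusted the normal way
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        return string.Equals(Fingerprint(cert), PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    static X509Certificate2 MakeSelfSigned(string subject)
    {
        using (var rsa = RSA.Create(2048))
            return new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        // Constructed test input: two throwaway self-signed certificates.
        X509Certificate2 server = MakeSelfSigned("CN=localhost");
        X509Certificate2 other = MakeSelfSigned("CN=localhost");
        PinnedSha256 = Fingerprint(server);
        ServicePointManager.ServerCertificateValidationCallback += PinnedCertCheck;
        var chainOnly = SslPolicyErrors.RemoteCertificateChainErrors;
        Console.WriteLine("pinned cert, untrusted chain: " + PinnedCertCheck(null, server, null, chainOnly));
        Console.WriteLine("other cert, untrusted chain:  " + PinnedCertCheck(null, other, null, chainOnly));
        Console.WriteLine("pinned cert, name mismatch:   " + PinnedCertCheck(null, server, null,
            chainOnly | SslPolicyErrors.RemoteCertificateNameMismatch));
    }
}
```

A client that wants the browser-style prompt from the question can show the fingerprint to the user on first contact and store it as the pinned value once confirmed.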