Geek Answers Handbook

Windows Server Self-Signed Certificate

I have a C # console application that uses a web service that is outside of my network. I was told that web services use a self-signed certificate for SSL. I am not familiar with the certificate, and I am wondering what I need to do in the .net / windows server environment.

Thanks.

+8
c # ssl ssl-certificate
source share
2 answers

Authorized certificates will not be considered valid by your application by default, because a trusted third party does not verify the certificate. Typically, you will see self-signed certificates on test servers, and you can find more information about signed or signed certificates here .

If you have problems with calling web services, you need to either install the certificate on the computer on which your application is running, or create a special validator that you can use to inform your application about accepting a self-signed certificate. Starting with .NET 2.0, custom SSL verification is performed by specifying a custom method in the ServicePointManager.ServerCertificateValidationCallback property.

An example of using the ServerCertificateValidationCallback property can be found here: http://weblogs.asp.net/smehaffie/archive/2009/09/10/calling-web-services-that-use-self-signed-certificates.aspx

+4
source share

This is a big question, especially regarding X.509 security. Usually with a self-signed certificate, you should import the source CA used to sign this certificate (usually the self-signed CA used by the application) into your key (to make sure that you are connecting to the correct server). This is usually required because your client application will check the connection if the certificate is signed by a known and trusted CA or matches an existing certificate in your chain.

In C #, you can check the System.Net.Security namespace and especially the SSlStream class for more details.

If you need to import a certificate into your keychain, you can use various interfaces to access keyring from the graphical user interface using the command line "Certutil.exe" or through various APIs .

+3
source share

More articles:


All Articles