Best IT Recipes

Bypassing Incorrect SSL Certificate Errors When Calling Web Services on .Net

We are creating a new SharePoint, for which we do not yet have a valid SSL certificate. I would like to call the list web service to get some installation metadata. However, when I try to do this, I get an exception:

The connected connection was closed: Failed to establish trust for the SSL / TLS secure channel.

The nested exception contains an error message:

The remote certificate is invalid according to the verification procedure.

This is correct as we use a temporary certificate.

My question is: how can I tell the client of the .Net web service (SoapHttpClientProtocol) to ignore these errors?

+80
web-services sharepoint
Sep 20 '08 at 20:07
source share
8 answers

The approach I used when I came across this problem was to add a temporary certificate subscriber to the list of proxies on the appropriate computer.

I usually test with certificates created using CACERT, and adding them to the list of trusted credentials works smoothly.

Performing this method means that you do not need to add any custom code to your application, and it correctly mimics what will happen when your application is deployed. Thus, I think this is an excellent solution for programmatically checking a program.

+17
Sep 20 '08 at 20:51
source share

Alternatively, you can register a call delegate that ignores the certification error:

... ServicePointManager.ServerCertificateValidationCallback = MyCertHandler; ... static bool MyCertHandler(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors error) { // Ignore errors return true; }
+106
Jan 09 '09 at 11:57
source share

Like Jason C answer:

 ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

I put this in my main and look at my app.config and test if (ConfigurationManager.AppSettings["IgnoreSSLCertificates"] == "True") before calling this line of code.

+71
May 14, '09 at 21:10
source share

I solved it like this:

Call the following immediately before invoking the ssl web service that causes this error:

 using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; /// <summary> /// solution for exception /// System.Net.WebException: /// The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. /// </summary> public static void BypassCertificateError() { ServicePointManager.ServerCertificateValidationCallback += delegate( Object sender1, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; }; }
+20
Aug 6 '10 at 12:23
source share

I had the same error using DownloadString; and was able to do it as shown below with the suggestions on this page

 System.Net.WebClient client = new System.Net.WebClient(); ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; string sHttpResonse = client.DownloadString(sUrl);
+10
Feb 14 '14 at
source share
 ServicePointManager.ServerCertificateValidationCallback += (mender, certificate, chain, sslPolicyErrors) => true;

will bypass invaild ssl. Write it to the web service designer.

+2
Feb 02 '15 at 8:47
source share

To continue working on the Simon Johnsons website - Ideally, you need a solution that will simulate the conditions that you will see during the production process, and changing the code will not do this and can be dangerous if you forget to take the code before deploying it.

You will need a self-signed certificate. If you use IIS Express, you will have one of them, you just need to find it. Open Firefox or any other browser you like and go to your dev website. You should be able to view certificate information from a URL string, and depending on your browser, you should be able to export the certificate to a file.

Then open MMC.exe and add the Certificate snap-in. Import the certificate file into the repository of trusted root certificate authorities and all that you need. It is important that he gets to this store, and not to any other store, such as "Personal". If you are unfamiliar with MMC or certificates, there are numerous websites with information on how to do this.

Now your computer as a whole will implicitly trust any certificates that it created itself, and you will not need to add code to deal with this specifically. When you move on to production, it will continue to work if you have the correct valid certificate installed there. Do not do this on a production server - this would be bad, and it would not work for clients other than those on the server itself.

+1
Apr 12 '16 at 2:22
source share

For beginners, you can expand your partial service class in a separate cs file and add the code provided by "imanabidi" to integrate it

0
Dec 16 '13 at 18:12
source share


More articles:


All Articles