Webservice(s) via HTTPS - Trust Relationship Using ICertificatePolicy

If you ever tried to consume a web resource progrmmatically via SSL/HTTPS it is possible that you would get the following error:

"The underlying connection was closed: Could not establish trust relationship with remote server."

The problem is that your application does not accept certificates that the remote service sends in order to establish connection. If you browse the web via HTTPS (SSL), sometimes you could see that annoying HTTPS confirmation dialog. When you don't browse it manually but try to establish the connection programmatically - you just have to simulate that dialog.

All credit for the solution goes to Jan Tielens. System.Net namespace in .NET Framework provides ICertificatePolicy interface with a single method called CheckValidationResult, so we can decide whether we trust the certificate or not by overloading this method. The most simple implementation would be the following "acceptall" class:

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
    public TrustAllCertificatePolicy() {}
    public bool CheckValidationResult(ServicePoint sp, 
        X509Certificate cert,
        WebRequest req, 
        int problem)
    {
        return true;
    }
}

So before establishing HTTPS connection (either via WebRequest, WebServices or other) to remote server just call:

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

Enjoy

Related Posts:

so we can decide whether we trust the certificate or not. what should i do to trust only the specified client.

can u mail me at niki_kadu@yahoo.co.in

Hi,

I got lots of mails asking me about "WebServices via HTTPS". So here is my approach in brief.

1.Create a class inherited from ICertificatePolicy class.
2.Implement the function 'CheckValidationResult'
3.Check if 'certificate.GetIssuerName()' is the one u want to trust
Have a look at the code below:-

public class myclass : ICertificatePolicy
{
public myclass () {}

// Default value for certificate validation.
public static bool DefaultValidate = false;
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem)
{
long certProb = (long)certificateProblem;
if (certificateProblem == 0 || certProb == 0x800c010f)
{
return certificate.GetIssuerName().Equals("C=<country ID>, S=<state>, L=<location>, O=<office>, OU=<office unit>, CN=<host name>, E=email id") && request.RequestUri.Host.Equals(<host name>);

//The above string is available in control panel->IIS->Default website -> properties->Directory security->view certificate->Details -> Issuer
}
else
{
return false;
}
} // end CheckValidationResult



Regards,
Nikhil Kadu (niki_kadu@yahoo.co.in)
PICT
Pune

Hi,

The above solution provided by Jan T. works great.
I moved up to VS2005 and the interface is obsoleted.

What the next way to go about this problem..?
Any hints.?

Many thanks,


IvoB

Ivo: What error do you get if you do not use it ?

Hi,

what should i pass for srvPoint,certificate,request and certificateProblem in

public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,WebRequest request, int certificateProblem)


Please Tell me..

regards,

shivaraj

shivaraj: Nothing, just create instance of that class...