locked
Service Certificate Validation "mode=none" RRS feed

  • Question

  • I've made a self-hosted service, using basicHttpBinding, with transport mode security.  The SSL connection works fine as long as the client keeps the server's self-signed certificate in its trusted certificate store.  But it stops working when I follow MS documentation about "validation mode" settings:
    http://msdn.microsoft.com/en-us/library/ms733806.aspx

    In other words, on the client I move the server's certificate to the (untrusted) "Personal" store and change the client to skip certificate validation:

    MyClient.ChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
      System.ServiceModel.Security.X509CertificateValidationMode.None;
    ...and...
    MyClient.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = 
      System.ServiceModel.Security.X509CertificateValidationMode.None;

    I set the mode in both places "just in case."  With this new configuration, the client suddenly can't form an SSL session...it gives the error "SecurityNegotiationException: Could not establish trust relationship for the SSL / TLS secure channel".

    In other words, setting the validation mode to "none" doesn't seem to accomplish anything.  Ideas?
    -Brent Arias
    Tuesday, December 16, 2008 8:48 PM

Answers

All replies