How to ignore invalid certificate name

Question
-
I use FtpWebRequest with EnableSsl = true, but I have a problem. The certificate name is invalid, and I receive the error "The remote certificate is invalid according to the validation procedure". How can I ignore the invalid name error on the certificate?
Friday, September 1, 2006 6:50 AM
Answers
-
You can validate the remote certificate using the remote certificate validation callback on the service point manager.
See the sample below:

    using System;
    using System.Collections.Generic;
    using System.Text;
    using System.Net;
    using System.IO;
    using System.Net.Security;
    using System.Security.Policy;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Cryptography;

    class Program
    {
        static void Main(string[] args)
        {
            Stream s = null;
            StreamReader sr = null;
            HttpWebResponse res = null;
            try
            {
                // Hook a callback to verify the remote certificate
                ServicePointManager.ServerCertificateValidationCallback =
                    new RemoteCertificateValidationCallback(MyCertValidationCb);

                HttpWebRequest req = (HttpWebRequest)
                    WebRequest.Create("https://localhost/SecureNoClientCerts/test.htm");
                req.Proxy = null;
                res = req.GetResponse() as HttpWebResponse;
                s = res.GetResponseStream();
                sr = new StreamReader(s, Encoding.UTF8);
                Console.WriteLine(sr.ReadToEnd());
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }
            finally
            {
                if (res != null) res.Close();
                if (s != null) s.Close();
                if (sr != null) sr.Close();
            }
        }

        public static bool MyCertValidationCb(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            // No policy errors: the certificate passed normal validation
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return true;
            }
            // Never accept a certificate whose chain does not validate
            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors)
                == SslPolicyErrors.RemoteCertificateChainErrors)
            {
                return false;
            }
            else if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch)
                == SslPolicyErrors.RemoteCertificateNameMismatch)
            {
                // Tolerate a name mismatch only for intranet or local-machine URLs
                Zone z;
                z = Zone.CreateFromUrl(((HttpWebRequest)sender).RequestUri.ToString());
                if (z.SecurityZone == System.Security.SecurityZone.Intranet
                    || z.SecurityZone == System.Security.SecurityZone.MyComputer)
                {
                    return true;
                }
                return false;
            }
            return false;
        }
    }

Friday, September 1, 2006 2:36 PM Moderator
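The answer's callback accepts any name-mismatched certificate for intranet or local URLs. As an added example (not part of the original thread), this narrower variant for the asker's FtpWebRequest case tolerates a name mismatch only when it is the sole error and the certificate matches a pinned SHA-256 hash. The hash constant and the host ftp.example.internal are placeholders, and .NET Framework is assumed.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedFtpsExample
{
    // Placeholder (constructed): SHA-256 of the DER-encoded certificate the
    // server is expected to present, as hex without separators.
    const string PinnedSha256 = "REPLACE_WITH_EXPECTED_CERT_SHA256_HEX";

    static string Sha256Hex(X509Certificate cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    public static bool ValidateServerCert(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // normal validation succeeded

        // Tolerate a name mismatch only when it is the sole error and the
        // certificate is exactly the pinned one. Chain errors or a missing
        // certificate are always rejected.
        if (errors == SslPolicyErrors.RemoteCertificateNameMismatch && certificate != null)
            return string.Equals(Sha256Hex(certificate), PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);

        return false;
    }

    static void Main()
    {
        // Process-wide hook, as in the answer: it applies to every request.
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCert;

        // Hypothetical host, used here only for illustration.
        FtpWebRequest req = (FtpWebRequest)WebRequest.Create("ftp://ftp.example.internal/");
        req.Method = WebRequestMethods.Ftp.ListDirectory;
        req.EnableSsl = true;
        using (FtpWebResponse res = (FtpWebResponse)req.GetResponse())
            Console.WriteLine(res.StatusDescription);
    }
}
```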
All replies
-
Friday, September 1, 2006 7:36 AM
-
I use only FtpWebRequest with EnableSsl = true, but do not use SslStream.
How can I ignore an invalid certificate name when I use FtpWebRequest?
Friday, September 1, 2006 12:32 PM
-
Monday, September 4, 2006 5:29 AM
-
Hi,
The classes do not seem to exist in .NETCF2.0. Is this correct? Do you know the compact framework equivalent code?
Many Thanks
NozFx
Friday, November 16, 2007 5:08 PM -
Good stuff, thank you so much, used your code and it worked like a charm.
Friday, November 30, 2007 2:56 AM
-
Durga, how would you do the same thing (the callback hookup) in VB.Net? Could you please help. Thanks
Friday, September 18, 2009 5:28 PM
-
I was able to resolve this by putting this in Form_Load:

    ServicePointManager.ServerCertificateValidationCallback = AddressOf MyCertValidationCb

Friday, September 18, 2009 8:18 PM