Accepting client certificate for https connections.

  • Question

  • Hi,

    Is there any way to access https secured websites/webservices which use self-signed certificates, without installing in the devices?

    Exception:  The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

    How to make secured Https connections either by making self-signed certificates in Metro apps programmatically.


    -Varshant


    • Edited by VarShant Wednesday, September 26, 2012 12:47 PM Exception provided
    Wednesday, September 26, 2012 11:00 AM

All replies

  • No, this is by-design. 

    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    • Marked as answer by Min ZhuMember Monday, October 8, 2012 5:27 AM
    Wednesday, September 26, 2012 1:44 PM
    Moderator
  • Thanks Matt.

    If it is by design, please suggest any method to identify if the certificate is not valid.

    Can we validate the remote server certificate in Metro Apps?


    -Varshant

    Thursday, September 27, 2012 6:28 AM
  • What's the scenario where you want to use self-signed certs in a published app?

    Matt Small - Microsoft Escalation Engineer - Forum Moderator

    Tuesday, October 2, 2012 8:56 PM
    Moderator
  • Hi Matt,

    Here my requirement is to provide a secure http connection to any https urls. For this, I'm using HttpClient to provide a connection to the required requests. But when using any Https url with un-signed or invalid certificates, I get the below exception. How to handle this exception?

    Exception Inner Message:  Could not establish trust relationship for the SSL/TLS secure channel.

    When I use the same URL in any browser, I get a recommendation to open or not.

    So without installing the certificate, can we access the Https URL programmatically?


    -Varshant

    Wednesday, October 3, 2012 6:26 AM
  • The workaround is: don't use a self-signed certificate that isn't installed on the client machine's trusted certificate cache.


    Matt Small - Microsoft Escalation Engineer - Forum Moderator

    • Marked as answer by Min ZhuMember Monday, October 8, 2012 5:27 AM
    Wednesday, October 3, 2012 1:13 PM
    Moderator
  • Fine.

    Ok, is there any way to download the server certificate?


    -Varshant

    Monday, October 8, 2012 7:08 AM
  • So in other words: if we use a self-signed certificate for HTTPS, we solve the problem by also installing that certificate into the WinRT's application certificate store. Did I understand correctly? If so, how can we do this?

    Tuesday, October 9, 2012 3:16 PM
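
    One way to do what the workaround and the question above describe, as an added example that is not part of the original thread: a Windows Store app can ship a certificate inside its package and declare it through the `windows.certificates` extension of Package.appxmanifest, so that it is trusted only within that app. The path `Assets\wsman-host.cer` is a placeholder.

```xml
<!-- Package.appxmanifest (fragment): package-level Extensions element,
     a direct child of <Package>. Added example; the .cer path is a placeholder. -->
<Extensions>
  <Extension Category="windows.certificates">
    <Certificates>
      <!-- Public certificate only (no private key), shipped inside the package.
           StoreName="Root" makes it a trust anchor for this app's own
           TLS connections; the machine-wide store is not modified. -->
      <Certificate StoreName="Root" Content="Assets\wsman-host.cer" />
      <!-- ExclusiveTrust="true": chains must end at a certificate declared
           here; system-trusted roots are not accepted by this app.
           Leave this element out to trust both. -->
      <TrustFlags ExclusiveTrust="true" />
    </Certificates>
  </Extension>
</Extensions>
```

    The certificate is fixed when the package is built, so this fits a known server or a private root CA that signs the server certificates, not hosts whose certificates are unknown in advance.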
  • Ok real client use case here.. My Client makes and sells millions of servers every year.. Those servers include WSMan based administration consoles that their clients use.. We are building a Modern UI app for them to allow Network admins to manage their server farms.. Are we really going to tell our client (one of the top 4 Windows Hardware manufacturers in the world) that they can't connect to self signed WSMAN hosts? They have gone out of their way to support self-signed cert generated on the machine by the management console we have to tell the client, that to support Windows 8 they have to write off all those devices???

    There has to be another way...

    (Yes their clients (a HUGE percentage of datacenters from small shops to HUGE enterprises) can install legitimate SSL certs, but it's not our job to tell our clients how to run their datacenters.. And managing 5000 servers in a large data farm managing certs stops becoming a trivial task).

    Thanks

    Josh

    Tuesday, November 13, 2012 5:07 PM
  • So the solution is to use unencrypted ports! Wonderful!
    Friday, August 2, 2013 6:28 PM