How to ignore invalid certificate name

I use FtpWebRequest with EnableSsl = true, but I have a problem. The certificate name is invalid, and I receive the error "The remote certificate is invalid according to the validation procedure". How can I ignore the invalid name error on the certificate?
Tasadar

You can validate the remote certificate using the remote certificate validation callback on the service point manager.
See the sample below.

using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Net.Security;
using System.Security.Policy;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;

class Program
{
    static void Main(string[] args)
    {
        Stream s = null;
        StreamReader sr = null;
        HttpWebResponse res = null;
        try
        {
            // Hook a callback to verify the remote certificate.
            // The callback is process-wide: it applies to every request made afterwards.
            ServicePointManager.ServerCertificateValidationCallback =
                new RemoteCertificateValidationCallback(MyCertValidationCb);

            HttpWebRequest req = (HttpWebRequest)
                WebRequest.Create("https://localhost/SecureNoClientCerts/test.htm");

            req.Proxy = null;

            res = req.GetResponse() as HttpWebResponse;
            s = res.GetResponseStream();
            sr = new StreamReader(s, Encoding.UTF8);
            Console.WriteLine(sr.ReadToEnd());
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }
        finally
        {
            if (res != null) res.Close();
            if (s != null) s.Close();
            if (sr != null) sr.Close();
        }
    }

    public static bool MyCertValidationCb(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors)
    {
        // The callback also runs for certificates that passed every check;
        // those must be accepted, otherwise valid servers are rejected.
        if (sslPolicyErrors == SslPolicyErrors.None)
        {
            return true;
        }

        // Never accept a certificate whose chain does not validate.
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors)
            == SslPolicyErrors.RemoteCertificateChainErrors)
        {
            return false;
        }
        else if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch)
            == SslPolicyErrors.RemoteCertificateNameMismatch)
        {
            // The sender is not always an HttpWebRequest, so avoid a hard cast.
            WebRequest request = sender as WebRequest;
            if (request == null)
            {
                return false;
            }

            // Tolerate a name mismatch only for intranet or local-machine URLs.
            Zone z = Zone.CreateFromUrl(request.RequestUri.ToString());
            if (z.SecurityZone == System.Security.SecurityZone.Intranet
                || z.SecurityZone == System.Security.SecurityZone.MyComputer)
            {
                return true;
            }
            return false;
        }
        return false;
    }
}

Durgaprasad Gorti
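
An added example, not part of the original thread or the poster's code: the same callback hookup applied to the FtpWebRequest case from the question, accepting a name mismatch only when it is the sole policy error and the certificate matches a pinned thumbprint. The host name and the thumbprint are placeholders, and the class and method names are made up for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class PinnedFtpsExample
{
    // Placeholder: SHA-1 thumbprint (hex) of the one server certificate
    // whose name mismatch is tolerated. Replace with the real value.
    const string PinnedThumbprint = "0000000000000000000000000000000000000000";

    public static bool Validate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that passed every check is accepted as usual.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate a name mismatch only when it is the sole error, so chain
        // errors and a missing certificate still fail the handshake.
        if (errors != SslPolicyErrors.RemoteCertificateNameMismatch) return false;
        if (certificate == null) return false;

        // ...and only for the single pinned certificate.
        return string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
            StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // The callback is process-wide: it applies to every request made afterwards.
        ServicePointManager.ServerCertificateValidationCallback = Validate;

        // Placeholder host, not taken from the thread.
        var req = (FtpWebRequest)WebRequest.Create("ftp://ftp.example.internal/");
        req.EnableSsl = true;
        req.Method = WebRequestMethods.Ftp.ListDirectory;

        using (var res = (FtpWebResponse)req.GetResponse())
        using (var reader = new StreamReader(res.GetResponseStream()))
        {
            Console.WriteLine(reader.ReadToEnd());
        }
    }
}
```

Because the decision rests on the certificate itself rather than on the sender or the URL zone, any other server presenting a mismatched name is still rejected.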
Lucian Bargaoanu
I use only FtpWebRequest with EnableSsl = true, but do not use SslStream.
How can I ignore invalid certificate name when I use FtpWebRequest?
Tasadar

Durgaprasad Gorti,
Thanks! You helped me!
Tasadar

Hi,

The classes do not seem to exist in .NETCF2.0. Is this correct? Do you know the compact framework equivalent code?

Many Thanks

NozFx

NozFx
Good stuff, thank you so much, used your code and it worked like a charm.
gandanaraj
Durga, How would you do the same thing (the callback hookup) in VB.Net? Could you please help. Thanks
Kaushal30
I was able to resolve this by putting this in Form_Load:

ServicePointManager.ServerCertificateValidationCallback = AddressOf MyCertValidationCb

Kaushal30
