Comments on: Accepting a Flaky Certificate When Doing an SSL POST http://bobondevelopment.com/2007/01/16/accepting-a-flaky-certificate-when-doing-an-ssl-post/ Musings on the craft and business of software development Wed, 20 Aug 2008 13:35:31 +0000 http://wordpress.org/?v=2.5.1 By: Bob http://bobondevelopment.com/2007/01/16/accepting-a-flaky-certificate-when-doing-an-ssl-post/#comment-2063 Bob Thu, 19 Jul 2007 14:19:01 +0000 http://bobondevelopment.com/?p=19#comment-2063 I cant get the ServerCertificateValidationCallback to work. I keep getting "unable to connect to remote host" The web service has an invalid SSL cert, but I dont care I still want to call the methods on the web service. Here is my code: ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate; hew.apshealthcare.healtheweb_test.HealthEWebService webservice = new hew.apshealthcare.healtheweb_test.HealthEWebService(); DataSet ds = webservice.GetEligibleFamilyMembers(this.tbMemberId.Text); this.GridView1.DataSource = ds; this.GridView1.DataBind(); } public static bool ValidateServerCertificate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } I cant get the ServerCertificateValidationCallback to work. I keep getting “unable to connect to remote host”
The web service has an invalid SSL cert, but I dont care I still want to call the methods on the web service. Here is my code:

ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;

hew.apshealthcare.healtheweb_test.HealthEWebService webservice = new hew.apshealthcare.healtheweb_test.HealthEWebService();

DataSet ds = webservice.GetEligibleFamilyMembers(this.tbMemberId.Text);
this.GridView1.DataSource = ds;
this.GridView1.DataBind();
}

public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
return true;

}

]]> By: Mrinal http://bobondevelopment.com/2007/01/16/accepting-a-flaky-certificate-when-doing-an-ssl-post/#comment-1872 Mrinal Thu, 24 May 2007 22:07:36 +0000 http://bobondevelopment.com/?p=19#comment-1872 I use the code just before calling my web service. It is a c# .Net 2.0 client code that connects to server view web service. When I use a SSL enabled connection from windows XP, the connection goes through. The same code when run on windows Vista throws an exception of type System.Net.WebException. I verified that the WSDL for the web service is accessible from the browser on Vista. <em>Bob responds: Sounds like you're doing the right things but are running afoul of Vista's tighter security defaults. I would research Vista system security policies and suspect you'll find that by default it's either impossible to accept an expired cert and/or a cert where the URI does not exactly match the cert; or you can't do it without elevation. Hopefully this can be configured away at your discretion. I know for my client's project that prompted this posting, they cannot dictate to their partner for a server-side resolution. There are times when you implicitly trust the URI and the cert just enables SSL encryption, and isn't really intended to be used for verification of identity.</em> I use the code just before calling my web service. It is a c# .Net 2.0 client code that connects to server view web service. When I use a SSL enabled connection from windows XP, the connection goes through. The same code when run on windows Vista throws an exception of type System.Net.WebException. I verified that the WSDL for the web service is accessible from the browser on Vista.

Bob responds: Sounds like you’re doing the right things but are running afoul of Vista’s tighter security defaults. I would research Vista system security policies and suspect you’ll find that by default it’s either impossible to accept an expired cert and/or a cert where the URI does not exactly match the cert; or you can’t do it without elevation. Hopefully this can be configured away at your discretion. I know for my client’s project that prompted this posting, they cannot dictate to their partner for a server-side resolution. There are times when you implicitly trust the URI and the cert just enables SSL encryption, and isn’t really intended to be used for verification of identity.

]]> By: Mrinal http://bobondevelopment.com/2007/01/16/accepting-a-flaky-certificate-when-doing-an-ssl-post/#comment-1871 Mrinal Thu, 24 May 2007 20:59:54 +0000 http://bobondevelopment.com/?p=19#comment-1871 This does not work on Vista. Would you know the solution that works on Vista? <em>Bob responds: Not offhand, but may I ask, what exactly are the symptoms of it not working on Vista? And can you verify that your implementation of this works correctly on, say, XP?</em> This does not work on Vista. Would you know the solution that works on Vista?

Bob responds: Not offhand, but may I ask, what exactly are the symptoms of it not working on Vista? And can you verify that your implementation of this works correctly on, say, XP?

]]>