Поделиться через


Tip #41: Did you know... establishing a remote connection to a IIS server with self-issued certificate will require a certificate validation delegate?

Either through WMSvc or through your own script, whenever you try to establish a connection with a remote server, which doesn’t provide a trusted certificate you need to provide a delegate for this certificate validation check to validate untrusted certificates.

The signature for this delegate is as follows

Namespace: System.Net.Security
Assembly:   System (in System.dll)

 public delegate bool RemoteCertificateValidationCallback(
    Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors
)

Thus, to accept ALL server certificates, you will need to set the callback of ServicePointManager to validate a server certificate in the following manner:

 ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallbackFlag;

bool RemoteCertificateValidationCallbackCheck(
    Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors
)
{
    return true;
}

For the official MSDN documentation on this delegate refer to RemoteCertificateValidationCallback Delegateand ServicePointManager.ServerCertificateValidationCallback Property

Kateryna Rohonyan
SDET, IIS Team

Comments

  • Anonymous
    January 04, 2009
    PingBack from http://www.codedstyle.com/tip-41-did-you-know-establishing-a-remote-connection-to-a-iis-server-with-self-issued-certificate-will-require-a-certificate-validation-delegate/

  • Anonymous
    January 06, 2009
    What's the difference between remotecertificatevalidationcallbackflag and a version in VB: ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCert) Private Function ValidateCert(ByVal sender As Object, _ByVal cert As X509Certificate, _ByVal chain As X509Chain, _ByVal sslErrors As SslPolicyErrors) As Boolean   Return True End Function Not sure why/how your "flag" reference is different?

  • Anonymous
    January 06, 2009
    I just named it this way, to show that my client will accept ALL certificates from the server it is trying to talk to. It is your custom delegate callback function of type RemoteCertificateValidationCallback.

  • Anonymous
    June 05, 2009
    This article is meant to provide a quick reference troubleshooting guide to help with the most frequently