tags:

views:

67

answers:

1
+1  Q: 

TrustAllCertificatesCallback is ignored

Given a url or server name, how can i use powershell or a .net library to download the (expired) certificate the web server is using and then save it to file or import it into my certificate store?

Thanks!

I have made progress, i got this far on this problem:

static class Program
    {
        static void Main()
        {
            ServicePointManager.ServerCertificateValidationCallback = TrustAllCertificatesCallback;
            var tcpclient = new TcpClient("remote.example.com", 443);
            var tcpstream = tcpclient.GetStream();
            var sslstream = new SslStream(tcpstream);
            sslstream.AuthenticateAsClient("remote.example.com");
            X509Certificate rc = sslstream.RemoteCertificate;
            Console.WriteLine(rc.ToString());
            Console.ReadLine();
        }

        public static bool TrustAllCertificatesCallback(
            object sender, X509Certificate cert,
            X509Chain chain, System.Net.Security.SslPolicyErrors errors)
        {
            return true;
        }
    }

Now, when i run this program i get an AuthenticationException on the AuthenticateAsClient line and it says "The remote certificate is invalid according to the validation procedure." I ran it with a breakpoint on return true; and it never called the TrustAllCertificatesCallback. I think there is a permission or configuration problem with the assembly, does anyone know how to fix it?

+1  A: 

I haven't done something like this, but looking at the examples I think I can see what is wrong. Try this code:

static class Program
{
    static void Main()
    {
        var tcpclient = new TcpClient("remote.example.com", 443);
        var tcpstream = tcpclient.GetStream();
        var sslstream = new SslStream(tcpstream, false, new RemoteCertificateValidationCallback (TrustAllCertificatesCallback));
        sslstream.AuthenticateAsClient("remote.example.com");
        X509Certificate rc = sslstream.RemoteCertificate;
        Console.WriteLine(rc.ToString());
        Console.ReadLine();
    }

    public static bool TrustAllCertificatesCallback(
        object sender, X509Certificate cert,
        X509Chain chain, System.Net.Security.SslPolicyErrors errors)
    {
        return true;
    }
}
JasonMArcher  2010-10-19 18:49:00
That was it! Thanks!
Segfault  2010-10-21 13:23:29
There was a [SSL Oblivious Web Client][1] on PoshCode, and there's also [Get-Cert][2] which actually gets the cert instead of just trusting all certs. [1]: http://poshcode.org/624 [2]: http://poshcode.org/69
Jaykul  2010-10-25 14:05:26

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?