I'm attempting to add SSL to my server for sending customer details to a client.

It appears to be working on the Server side with the digital certificate (.pfx) being loaded successfully.

The problem comes when I try to connect with the client. An AuthenticationException is thrown stating that the remote certificate is invalid. The certificate is a self-signed test certificate - could this be the problem?

If not, I'm out of ideas!

EDIT: The certificate is in the trusted root certificate folder in the MMC on both sides (server and client are being run on the same machine for devel purposes).

+1  A: 

That could most definitely be the problem. Have you tried adding that web server to your trusted Root Certificates on the client? If the client does not trust the certificate provider (your web server, since self-signed), it will throw an exception when attempting to authenticate the certificate.

mtazva
A: 

How did you generate the certificate?

  • By default makecert.exe will generate a certificate that is not suitable for use in SSL authentication.

  • Use the "-sky exchange" option to generate a suitable one.

makecert -n "CN=Client" -pe -ss My -sr CurrentUser -sky exchange client.cer
makecert -n "CN=Host" -pe -ss My -sr LocalMachine -sky exchange host.cer

timvw
I couldn't find makecert.exe anywhere on my development machine so I had to use an Open Source certificate generator. It looks to be working though!
Bailz
+2  A: 

I've had to override the validation method:

public static bool RemoteCertificateValidationCallback(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Skips all validation: every server certificate is accepted.
    return true;
}

Obviously this will accept every certificate that is passed to it so I'll need to check using the hash of the certificate or something similar. However, right now it's holiday time!

Bailz
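
The hash check that the answer above says is still needed could look like the following. This is an added example, not code from the thread: `PinnedCertificateValidator`, `PinnedSha256` and the in-memory demo certificate are assumptions, and `CertificateRequest` (used only by the demo) needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertificateValidator
{
    // Assumption: SHA-256 of the expected server certificate (DER bytes),
    // configured at deployment. All zeros here is only a placeholder.
    public static byte[] PinnedSha256 = new byte[32];

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate == null) return false;
        if (errors == SslPolicyErrors.None) return true; // normal validation passed

        // Tolerate only an untrusted chain (the self-signed case). A name
        // mismatch or a missing certificate is still rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        using (var sha = SHA256.Create())
            return sha.ComputeHash(certificate.GetRawCertData())
                      .SequenceEqual(PinnedSha256);
    }

    // Constructed demo: a throwaway self-signed certificate built in memory.
    public static void Main()
    {
        var chainError = SslPolicyErrors.RemoteCertificateChainErrors;
        using (var key = RSA.Create())
        using (var sha = SHA256.Create())
        {
            var request = new CertificateRequest("CN=Host", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                PinnedSha256 = sha.ComputeHash(cert.RawData); // pin this certificate
                Console.WriteLine(Validate(null, cert, null, chainError));
                PinnedSha256 = new byte[32];                  // pin something else
                Console.WriteLine(Validate(null, cert, null, chainError));
            }
        }
    }
}
```

`PinnedCertificateValidator.Validate` has the same signature as the accept-all method, so it can be registered wherever that method was.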
A: 

For my mail server I use an SSL certificate generated with X509Builder at http://www.we-coffee.com/x509builder.aspx. The application doesn't generate a self-signed certificate but two distinct certificates: the SSL certificate with the private key, to install on the server, and the CA certificate, to install on the client. This would solve your issue.

Matteo Slaviero