tags:

views:

236

answers:

4
Q: 

Invalid Digital Certificate

I'm attempting to add SSL to my server for sending customer details to a client.

It appears to be working on the Server side with the digital certificate (.pfx) being loaded succesfully.

The problem comes when I try to connect with the client. An AuthenticationException is thrown stating that the remote certificate is invalid. The certificate is a self-signed test certificate - could this be the problem?

If not, I'm out of ideas!

EDIT: The certificate is in the trusted root certificate folder in the MMC on both sides (server and client are being run on the same machine for devel purposes).

+1  A: 

That could most definitely be the problem. Have you tried adding that web server to your trusted Root Certificates on the client? If the client does not trust the certificate provider (your web server, since self-signed), it will throw exception when attempting to authenticate the certificate.

mtazva  2009-04-03 15:06:04
A: 

How did you generate the certificate?

  • By default makecert.exe will generate a certificate that is not suitable for use ssl authentication.

  • Use the "-sky exhange" option to generate a suitable one.

makecert -n "CN=Client" -pe -ss My -sr CurrentUser -sky exchange client.cer makecert -n "CN=Host" -pe -ss My -sr LocalMachine -sky exchange host.cer

timvw  2009-04-03 16:04:53
I couldn't find makecert.exe anywhere on my development machine so I had to use an Open Source certificate generator. It looks to be working though!
Bailz  2009-04-03 16:07:38
+2  A: 

I've had to override the validation method:

public static bool RemoteCertificateValidationCallback(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return true;
}

Obviously this will accept every certificate that is passed to it so I'll need to check using the hash of the certificate or something similar. However, right now it's holiday time!

Bailz  2009-04-03 16:06:30
A: 

I use for my mail server an SSL certificate generates with X509Builder at http://www.we-coffee.com/x509builder.aspx The application doesn't generate a self signed certificate but two distinct certificate. The SSL certificate with the private key to install to the server and the ca certificate to install to the client. This would solve your issue

Matteo Slaviero  2009-09-26 20:09:18

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?