views: 858

answers: 3
Hello, when I try to send e-mail using C# with Gmail's SMTP server, I get this error:

"The remote certificate is invalid according to the validation procedure".

SSL is enabled.

Port used is 587.

Server name used is "Smtp.gmail.com".

Username and password are correct.

Outlook Express works fine on the same PC with the same settings.

The C# program also works fine in other places... we get this error only at the client's place.

Would appreciate any help.

Thanks

Edit: @Andomar, where do I find the root certificates on the client? How do I fix this?

@Alnitak, how do I issue STARTTLS using the System.Net.Mail library, though?

@David, what do I pass as parameters for "(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)"?

Thanks David. I've added those lines. But I'm still confused about what's going on, since this code doesn't have any direct connection with System.Net.Mail as far as I understand. Hope the problem goes away.

+1  A: 

Check if the proper root certificates are in the client's store, and that the client's system date is correct.

Andomar
Where do I check certificates etc.? I'm not using any certificates according to my C# code. I've used the classes in System.Net.Mail.
Josh
SSL = certificates
Chad Grant
Since it works elsewhere and not at the client, I would bet one US dollar that the client does not know about your CA, so you need to install the certificate/CA at the client.
Chad Grant
Yes, I know SSL uses certificates... But I think the System.Net.Mail library handles them...
Josh
How do I install the certificate at the client?
Josh
How do I install the certificate at the client? How?
Josh
You can check the certificates in Control Panel -> Internet Options -> Content -> Certificates.
Andomar
How do you install a certificate? Just double-click it. If you make David's ValidateServerCertificate return true, your client will accept any server certificate (obviously insecure, but works).
Andomar
+1  A: 

Are you using STARTTLS or assuming that the connection on port 587 is SSL encrypted from the outset?

Google's servers on smtp.gmail.com require STARTTLS.

Alnitak
I'm using System.Net.Mail. Is there a way to issue STARTTLS using System.Net.Mail?
Josh
http://msdn.microsoft.com/en-us/library/system.net.mail.smtpclient.enablessl.aspx suggests that STARTTLS is the default if SmtpClient.EnableSsl == true
Alnitak
+2  A: 

Also check that the root certificates are in the client's Trusted Root Authority store. If this is from a service, then adding the root certificates to the Local Machine store may also help. To get a better grasp of the reason, I have found the following policy helpful...

// Namespaces needed for X509Certificate, X509Chain and SslPolicyErrors.
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // No errors so continue...
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    // I'm just logging it to a label on the page;
    // this should be stored or logged to the event log at this time.
    lblStuff.Text += string.Format("Certificate error: {0} <BR/>", sslPolicyErrors);

    // If the error is a Certificate Chain error then the problem is
    // with the certificate chain so we need to investigate the chain
    // status for further info. Further debug capturing could be done if
    // required using the other attributes of the chain.
    // SslPolicyErrors is a flags enum, so test the bit rather than
    // comparing for equality (several errors can be reported at once).
    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
    {
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            lblStuff.Text += string.Format("Chain error: {0}: {1} <BR/>", status.Status, status.StatusInformation);
        }
    }

    // Do not allow this client to communicate
    // with unauthenticated servers.
    return false;
}

To add the policy in, use the following, this only needs to be done once for the Application domain.

using System.Net;
using System.Net.Security;
...
// The callback is process-wide: every SslStream, HTTPS and SMTP-over-TLS
// connection in this AppDomain will consult it.
ServicePointManager.ServerCertificateValidationCallback =
    new RemoteCertificateValidationCallback(ValidateServerCertificate);

You can also use the policy to remove the error altogether but it would be better to fix the problem than do that.

David McEwing
You don't need to pass anything in the parameters, as it is an event handler. The underlying framework will do that for you. If you read past the first code block, you will see the call for wiring it in.
David McEwing
I've added this. But I'm yet to test it practically at the site where the problem exists. All I need to do is just add these lines? Or is there anything more to do?
Josh
You might want to change it to log to the Event Log. But yes, I developed this snippet when remotely diagnosing a certificate problem for a customer. Of course, the problem was that the Root CA cert was in the wrong store, as @Andomar stated, but this script helped convince them.
David McEwing
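The following is an added example, not code from this thread or from any of its posters. It combines David's log-and-reject callback with Andomar's store check done programmatically: when the chain cannot be built, it takes the issuer of the last chain element the client managed to find and reports whether a certificate with that subject exists in the CurrentUser and LocalMachine Trusted Root stores. It assumes a .NET Framework console application with System.Net.Mail; the addresses and credentials are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Mail;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class SmtpTlsDiagnostics
{
    // Logs why validation failed but still rejects the server. Returning true
    // here would disable server authentication for every TLS connection in the process.
    static bool LogOnlyValidation(object sender, X509Certificate certificate,
                                  X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        Console.Error.WriteLine("Certificate error {0} for {1}", sslPolicyErrors, certificate.Subject);
        if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  chain status: {0}: {1}", status.Status, status.StatusInformation);
            // The issuer of the last element the client could build is the CA it
            // needs to find in the Trusted Root store (for an untrusted self-signed
            // root, issuer == subject and the lookup simply reports it as absent).
            ReportRootPresence(chain.ChainElements[chain.ChainElements.Count - 1].Certificate.Issuer);
        }
        return false;
    }

    // Looks in both the CurrentUser store (interactive apps) and the LocalMachine
    // store (services) for a root CA whose subject DN equals the given issuer DN.
    static void ReportRootPresence(string issuerDn)
    {
        foreach (StoreLocation location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            X509Store store = new X509Store(StoreName.Root, location);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindBySubjectDistinguishedName, issuerDn, false);
            store.Close();
            Console.Error.WriteLine("  {0}\\Root: {1} cert(s) with subject '{2}'", location, hits.Count, issuerDn);
        }
    }

    static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogOnlyValidation;
        // Placeholder credentials; EnableSsl on port 587 makes SmtpClient issue STARTTLS.
        SmtpClient client = new SmtpClient("smtp.gmail.com", 587) { EnableSsl = true,
            Credentials = new NetworkCredential("user@example.com", "password-placeholder") };
        client.Send(new MailMessage("user@example.com", "recipient@example.com", "TLS check", "test"));
    }
}
```

Run it once under the same account (or service identity) that shows the error; a zero count for LocalMachine\Root while CurrentUser\Root has the CA is the "wrong store" case David describes.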