I am using WCF for the client to access the service. I am trying to access the endpoint with TLS (https). I have certificates with both private and public keys.

If I have the endpoint of the service use the same host name as the certificate name ("Issued To"), then I am able to access the service from the client.

If the names of the "Issued To" and the endpoint domain name are different, I get the error "Could not establish trust relationship for the SSL/TLS secure channel with authority". I have added the certificates to "Trusted Root", "Personal" and "Trusted People". In my service I have used "PeerOrChainTrust".

Please let me know if anybody has any idea on this.

Thanks, Jan

A: 

I don't think you can override the check on whether the certificate name matches the server name.

Some agents allow you to manually override after the warnings, but unless WCF has a setting to disable certificate validation with all the dangers that brings. SSL is designed first and foremost for the client to be able to validate which server it is talking to, otherwise you will be open to all sorts of vulnerabilities (including man-in-the-middle and fake servers).

Richard
+1  A: 

In that case, you need to define the trust policy for the server on the client side.

Call SetCertPolicy once before you make any call to the services.

    using System.Net;
    using System.Net.Security;                            // SslPolicyErrors
    using System.Security.Cryptography.X509Certificates;

    public static class CertPolicy
    {
        public static void SetCertPolicy()
        {
            // Process-wide hook used by HttpWebRequest, and therefore by WCF's HTTP transport.
            ServicePointManager.ServerCertificateValidationCallback += RemoteCertValidate;
        }

        private static bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain,
            SslPolicyErrors error)
        {
            // trust any cert!!! (name mismatch, untrusted chain and every other error are ignored)
            return true;
        }
    }
codemeit
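The callback above discards every check. An added example, not from either answer, of a narrower policy for the situation in the question: the only tolerated error is the host-name mismatch, and only when the presented certificate is the one specific service certificate you expect (pinned by thumbprint); everything else, including chain errors, is still rejected. The class name, method names and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example (not the answer's code). Accepts a name mismatch only for one
// pinned certificate whose chain otherwise validates.
public static class StrictCertPolicy
{
    // Placeholder: paste the SHA-1 thumbprint of the service certificate
    // (as shown in certmgr.msc); spaces are stripped before comparison.
    private const string ExpectedThumbprint = "<THUMBPRINT-OF-SERVICE-CERT>";

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateRemoteCert;
    }

    // Returns true for a clean certificate, or for a name mismatch on the
    // pinned certificate. Any other error flag (untrusted chain, no certificate)
    // leads to rejection, so the WCF call fails instead of silently proceeding.
    public static bool ValidateRemoteCert(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        // SslPolicyErrors is a [Flags] enum: this also rejects a name mismatch
        // that is combined with RemoteCertificateChainErrors.
        if (errors != SslPolicyErrors.RemoteCertificateNameMismatch)
            return false;

        if (cert == null)
            return false;

        var cert2 = cert as X509Certificate2 ?? new X509Certificate2(cert);
        string expected = ExpectedThumbprint.Replace(" ", string.Empty);
        return string.Equals(cert2.Thumbprint, expected, StringComparison.OrdinalIgnoreCase);
    }
}
```

A mismatch on any other certificate, or a chain error, still produces the same "Could not establish trust relationship" failure, which is what you want to see when the server is not the one you pinned.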