Tip #41: Did you know... establishing a remote connection to an IIS server with a self-issued certificate will require a certificate validation delegate?
Whether you connect through WMSvc or through your own script, a remote server that does not present a trusted certificate fails the client's certificate validation check. To connect anyway, you need to provide a delegate that performs the validation for the untrusted certificate.
The signature for this delegate is as follows:
Namespace: System.Net.Security
Assembly: System (in System.dll)

    public delegate bool RemoteCertificateValidationCallback(
        Object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors
    )
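Thus, to accept ALL server certificates, set the ServerCertificateValidationCallback property of ServicePointManager to a callback that returns true for every certificate:

    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    // Register the callback before opening the connection.
    ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallbackFlag;

    // Accepts every certificate, whatever sslPolicyErrors reports,
    // so the server's identity is not checked at all.
    bool RemoteCertificateValidationCallbackFlag(
        Object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors
    )
    {
        return true;
    }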
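A narrower alternative to returning true for every certificate is a callback that accepts only the one self-issued certificate the server is known to use. This is an added example, not code from the original post or from Microsoft. The names PinnedSha256, Sha256Hex, ValidatePinned and SelfSigned, the subject CN=iis-test and the placeholder hash are assumptions, and CertificateRequest needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidation
{
    // Placeholder: hex SHA-256 of the server's self-issued certificate, recorded out of band.
    static string PinnedSha256 = "<SHA-256-OF-SERVER-CERTIFICATE>";

    static string Sha256Hex(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(certificate.GetRawCertData())).Replace("-", "");
    }

    // Same signature as RemoteCertificateValidationCallback.
    static bool ValidatePinned(Object sender, X509Certificate certificate,
                               X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Chain is trusted and the name matches: nothing to override.
        if (sslPolicyErrors == SslPolicyErrors.None) return true;
        // No certificate presented: nothing to compare against the pin.
        if (certificate == null) return false;
        // Untrusted certificate: accept only the exact pinned one.
        return string.Equals(Sha256Hex(certificate), PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    static X509Certificate2 SelfSigned(string subject)
    {
        using (RSA key = RSA.Create(2048))
            return new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidatePinned;

        // Constructed sample input: two throwaway self-signed certificates with the same subject.
        X509Certificate2 server = SelfSigned("CN=iis-test");
        X509Certificate2 other = SelfSigned("CN=iis-test");
        PinnedSha256 = Sha256Hex(server);
        SslPolicyErrors errors = SslPolicyErrors.RemoteCertificateChainErrors;
        Console.WriteLine("pinned certificate accepted: " + ValidatePinned(null, server, null, errors));
        Console.WriteLine("other certificate accepted:  " + ValidatePinned(null, other, null, errors));
    }
}
```

Because the pin is a hash of the whole certificate, a second certificate with the same subject name but a different key does not match it.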
For the official MSDN documentation on this delegate, refer to RemoteCertificateValidationCallback Delegate and ServicePointManager.ServerCertificateValidationCallback Property.
Kateryna Rohonyan
SDET, IIS Team
Comments
Anonymous
January 06, 2009
What's the difference between remotecertificatevalidationcallbackflag and a version in VB:

    ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCert)

    Private Function ValidateCert(ByVal sender As Object, _
                                  ByVal cert As X509Certificate, _
                                  ByVal chain As X509Chain, _
                                  ByVal sslErrors As SslPolicyErrors) As Boolean
        Return True
    End Function

Not sure why/how your "flag" reference is different?
Anonymous
January 06, 2009
I just named it this way, to show that my client will accept ALL certificates from the server it is trying to talk to. It is your custom delegate callback function of type RemoteCertificateValidationCallback.
Anonymous
June 05, 2009
This article is meant to provide a quick reference troubleshooting guide to help with the most frequently