WCF Services over HTTPS: Programmatically accept self-signed or invalid SSL certificates

When using WCF Services over HTTPS with a self-signed or invalid SSL certificates WCF could throw get an exception of type SecurityNegotiationException that says:

Could not establish trust relationship for the SSL/TLS secure channel with authority […].

To instruct WCF to accept all certificates use the following code before consuming any services:

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, errors) => true;

Self-signed certificates are often used in development environments. Due to security reasons, in a production environment you should never use the code above; instead you should always use valid certificates and prohibit any communication in case of certificate problems!

Comments

  1. Greg Busby

    I tried to use your code snippet to programmatically force the client to accept the self-signed certificate:

    ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, errors) => true;

    and got the follwoing error message:

    Error 1 Operator ‘+=’ cannot be applied to operands of type ‘System.Net.Security.RemoteCertificateValidationCallback’ and ‘lambda expression’ c:\documents and settings\217216×713184\my documents\visual studio 2010\Projects\IvrAdminServiceTestClient\IvrAdminServiceTestClient\Form1.cs 24 13 IvrAdminServiceTestClient

    Any idea how to fix this? Thanks in advance. 🙂

  2. Greg Busby

    I finally got it to work with a variation on the code you suggested. I found this code over at http://stackoverflow.com/questions/2792539/is-it-possible-to-force-the-wcf-test-client-to-accept-a-self-signed-certificate

    ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);

    bool EasyCertCheck(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error) { return true; }

  3. Prabaharan T

    Thank you so much. ! It solved my problem

Leave a comment

Your email address will not be published. Required fields are marked *

*