Read SSL Certificate Details on WP8

Question

I want to read certificate details (e.g. expiration date or CN) for security reasons.

Usually there are some properties in network classes available, that allow to

Answer 1

On Windows Phone 8.1 this can be done with HttpClient, as well as with StreamSocket (as Mike suggested).
Example for certificate validation with StreamSocket can be found here (Scenario5_Certificate in source code).

Certificate validation with HttpClient can be done by handling the ERROR_INTERNET_INVALID_CA exception, validating the server certificate using the HttpTransportInformation class, creating new instance of HttpBaseProtocolFilter class and specifying the errors to ignore.

Note that not all the errors are ignorable. You will receive an exception if you'll try to add Success, Revoked, InvalidSignature, InvalidCertificateAuthorityPolicy, BasicConstraintsError, UnknownCriticalExtension or OtherErrors enum values.

I'm adding a sample code that bypasses certificate errors using HttpClient:

using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Threading.Tasks;
using Windows.Security.Cryptography.Certificates;
using Windows.Web.Http;
using Windows.Web.Http.Filters;

namespace Example.App
{
    public class HttpsHandler
    {
        private const int ERROR_INTERNET_INVALID_CA = -2147012851; // 0x80072f0d

        public static async void HttpsWithCertificateValidation()
        {
            Uri resourceUri;
            if (!Uri.TryCreate("https://www.pcwebshop.co.uk/", UriKind.Absolute, out resourceUri))
                return;

            IReadOnlyList serverErrors = await DoGet(null, resourceUri);
            if (serverErrors != null)
            {
                HttpBaseProtocolFilter filter = new HttpBaseProtocolFilter();
                foreach (ChainValidationResult value in serverErrors)
                {
                    try {
                        filter.IgnorableServerCertificateErrors.Add(value);
                    } catch (Exception ex) {
                        // Note: the following values can't be ignorable:
                        //       Success Revoked InvalidSignature InvalidCertificateAuthorityPolicy
                        //       BasicConstraintsError UnknownCriticalExtension OtherErrors
                        Debug.WriteLine(value + " can't be ignorable");
                    }
                }

                await DoGet(filter, resourceUri);
            }
        }

        private static async Task> DoGet(HttpBaseProtocolFilter filter, Uri resourceUri)
        {
            HttpClient httpClient;
            if (filter != null)
                httpClient = new HttpClient(filter);
            else
                httpClient = new HttpClient();

            HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, resourceUri);
            bool hadCertificateException = false;
            HttpResponseMessage response;
            String responseBody;

            try {
                response = await httpClient.SendRequestAsync(requestMessage);
                response.EnsureSuccessStatusCode();
                responseBody = await response.Content.ReadAsStringAsync();
            } catch (Exception ex) {
                hadCertificateException = ex.HResult == ERROR_INTERNET_INVALID_CA;
            }

            return hadCertificateException ? requestMessage.TransportInformation.ServerCertificateErrors : null;
        }
    }
}