C# Ignore certificate errors?

后端 未结 11 1043
鱼传尺愫
鱼传尺愫 2020-11-22 15:01

I am getting the following error during a web service request to a remote web service:

Could not establish trust relationship for the SSL/TLS secure c

相关标签:
11条回答
  • 2020-11-22 15:45

    This works for .Net Core. Call on your Soap client:

    client.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
                    new X509ServiceCertificateAuthentication()
                    {
                        CertificateValidationMode = X509CertificateValidationMode.None,
                        RevocationMode = X509RevocationMode.NoCheck
                    };  
    
    0 讨论(0)
  • 2020-11-22 15:45

    Old, but still helps...

    Another great way of achieving the same behavior is through configuration file (web.config)

     <system.net>
        <settings>
          <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
        </settings>
      </system.net>
    

    NOTE: tested on .net full.

    0 讨论(0)
  • 2020-11-22 15:50

    IgnoreBadCertificates Method:

    //I use a method to ignore bad certs caused by misc errors
    IgnoreBadCertificates();
    
    // after the Ignore call i can do what ever i want...
    HttpWebRequest request_data = System.Net.WebRequest.Create(urlquerystring) as HttpWebRequest;
    
    /*
    and below the Methods we are using...
    */
    
    /// <summary>
    /// Together with the AcceptAllCertifications method right
    /// below this causes to bypass errors caused by SLL-Errors.
    /// </summary>
    public static void IgnoreBadCertificates()
    {
        System.Net.ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);
    }  
    
    /// <summary>
    /// In Short: the Method solves the Problem of broken Certificates.
    /// Sometime when requesting Data and the sending Webserverconnection
    /// is based on a SSL Connection, an Error is caused by Servers whoes
    /// Certificate(s) have Errors. Like when the Cert is out of date
    /// and much more... So at this point when calling the method,
    /// this behaviour is prevented
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="certification"></param>
    /// <param name="chain"></param>
    /// <param name="sslPolicyErrors"></param>
    /// <returns>true</returns>
    private static bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
    {
        return true;
    } 
    
    0 讨论(0)
  • 2020-11-22 15:50

    To further expand on BIGNUM's post - Ideally you want a solution that will simulate the conditions you will see in production and modifying your code won't do that and could be dangerous if you forget to take the code out before you deploy it.

    You will need a self-signed certificate of some sort. If you know what you're doing you can use the binary BIGNUM posted, but if not you can go hunting for the certificate. If you're using IIS Express you will have one of these already, you'll just have to find it. Open Firefox or whatever browser you like and go to your dev website. You should be able to view the certificate information from the URL bar and depending on your browser you should be able to export the certificate to a file.

    Next, open MMC.exe, and add the Certificate snap-in. Import your certificate file into the Trusted Root Certificate Authorities store and that's all you should need. It's important to make sure it goes into that store and not some other store like 'Personal'. If you're unfamiliar with MMC or certificates, there are numerous websites with information how to do this.

    Now, your computer as a whole will implicitly trust any certificates that it has generated itself and you won't need to add code to handle this specially. When you move to production it will continue to work provided you have a proper valid certificate installed there. Don't do this on a production server - that would be bad and it won't work for any other clients other than those on the server itself.

    0 讨论(0)
  • 2020-11-22 15:52

    Add a certificate validation handler. Returning true will allow ignoring the validation error:

    ServicePointManager
        .ServerCertificateValidationCallback += 
        (sender, cert, chain, sslPolicyErrors) => true;
    
    0 讨论(0)
提交回复
热议问题