I am testing an early release of a WCF web service I have created. On the client side, when I use VS to 'add service reference', that all works.
But when I try to us
You could also override with this one-liner.

    ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;

Simply paste it into the generated WCF client constructor in Reference.cs:

    [System.Diagnostics.DebuggerStepThroughAttribute()]
    [System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "4.0.0.0")]
    public partial class WebQuoteServiceClient : System.ServiceModel.ClientBase<Corp.Legal.Webservices.ServiceReference1.IWebQuoteService>, Corp.Legal.Webservices.ServiceReference1.IWebQuoteService {
        public WebQuoteServiceClient()
        {
            // Accepts every server certificate for all HTTPS requests in this AppDomain
            ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => true;
        }
        // ... remaining generated members ...
    }

Modifying web.config worked for me
I did it using Steve Ellinger's answer and some googling. Essentially, I had to:
Here are the web.config snippets...

    <configuration>
      <system.net>
        <settings>
          <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
        </settings>
      </system.net>
      <system.serviceModel>
        <client>
          <endpoint ... behaviorConfiguration="DisableServiceCertificateValidation" />
        </client>
        <behaviors>
          <endpointBehaviors>
            <behavior name="DisableServiceCertificateValidation">
              <clientCredentials>
                <serviceCertificate>
                  <authentication certificateValidationMode="None"
                                  revocationMode="NoCheck" />
                </serviceCertificate>
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
        </behaviors>
      </system.serviceModel>
    </configuration>

Set the CertificatePolicy PRIOR to initializing your WCF service on the client. Here's how (just make a call to the SetCertificatePolicy() method once):

    // Requires: using System.Diagnostics; using System.Net; using System.Net.Security;
    //           using System.Security.Cryptography.X509Certificates;

    /// <summary>
    /// Sets the cert policy.
    /// </summary>
    private static void SetCertificatePolicy()
    {
        ServicePointManager.ServerCertificateValidationCallback += ValidateRemoteCertificate;
    }

    /// <summary>
    /// Certificate validation callback
    /// </summary>
    private static bool ValidateRemoteCertificate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors error)
    {
        if (error == SslPolicyErrors.None)
        {
            return true; // already determined to be valid
        }

        switch (cert.GetCertHashString())
        {
            // thumbprints/hashes of allowed certificates (uppercase)
            case "066CF9CAD814DE2097D368F22D3A7D398B87C4D6":
            case "5B82C96685E3A20079B8CE7AFA32554D55DB9611":
                Debug.WriteLine("Trusting X509Certificate '" + cert.Subject + "'");
                return true;
            default:
                return false;
        }
    }

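A host-scoped variant of the thumbprint check in the answer above, as an added example that is not part of the original post. The host name and thumbprint are placeholders, and it assumes .NET Framework, where the callback's sender is the HttpWebRequest or a host name string.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class TestCertificatePinning
{
    // Hypothetical test host and placeholder thumbprint: replace with your own values.
    private static readonly Dictionary<string, string> PinnedByHost =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "wcf-test.example.internal", "<SHA1-THUMBPRINT-OF-TEST-CERT>" }
        };

    // Call once, before the first WCF client is created.
    // Assigned with '=' rather than '+=': on a multicast delegate only the
    // last handler's return value is used, so stacked callbacks can override this one.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Standard validation already passed: nothing to override.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;

        // Only the pinned test host may fall back to a thumbprint match;
        // every other host (or an unrecognised sender) keeps the failure.
        string host = HostOf(sender);
        string pinned;
        if (host == null || !PinnedByHost.TryGetValue(host, out pinned))
            return false;

        return string.Equals(cert.GetCertHashString(), pinned,
                             StringComparison.OrdinalIgnoreCase);
    }

    // The sender is either a WebRequest or a host name string.
    private static string HostOf(object sender)
    {
        var request = sender as WebRequest;
        if (request != null) return request.RequestUri.Host;
        return sender as string;
    }
}
```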
Check the answer to this question:
How do I tell WCF to skip verification of the certificate?
It gives two possible solutions: 1. using just config entries on the client side, or 2. using a custom certificate validator that uses both code and config entries.

    <configuration>
      <system.net>
        <settings>
          <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false" />
        </settings>
      </system.net>
    </configuration>

This works for me. Thanks