Making a WP7 HttWebRequest POST with an untrusted cert?

Question

I\'m working on a Windows Phone 7 application that makes a REST service call. The third party that hosts the web services has an invalid certificate in the current environme

Answer 1

You need to install the root CA cert of the issuing party on the phone.

You can do this by emailing the RootCA to the user of the phone. They click on the attachement and it will prompt them to ask if they want to install the certificate on the phone.

Once you have done that your requests should go through.

I dont believe there is a way to do this programatically in your app however.

Answer 2

There is sadly no way to do this on the phone. Ordinarily, i.e. on the desktop this simple line of code will disable certificate checking.

System.Net.ServicePointManager.ServerCertificateValidationCallback = (se, cert, chain, sslError) => { return true; };

If you look at the ServicePointManager on the phone, there's no callback to hook into. It's a massive pain in the arrrrse.

Have you considered writing to the service owner and asking why they're being bad internet citizens? (essentially, what you're seeing here is web security in action, for better or worse)

As Matt says, you might be able to code a simple relay on a web server. It doesn't have to be a special service, but maybe just a web page that does the call for you and spits out RAW text or XML. Your phone client just GETs this page and picks through the response manually.

Where there's a will there's a way.

Luke

Answer 3

I'm not aware of a way to install additional certificates on the phone.

In this situation I'd create a proxy service between your app and the 3rd party site and have your app call that. If you need to, you could put the proxy behind a valid cert.