We have created a certificate in IIS6 and applied it to a site using SSL. Now the same program we have used before will not work. As I understand it c# supports HTTPS transparently so I believe it must be with the "untrusted" cert. After turning the proxy setting off (was getting 403 forbidden error) , I receive "Could not establish trust relationship for the SSL"
I have tried a few work arounds like swapping the default cert policy with validation hack but it was very old and I still get the same error.
Below is my post method.
try
{
HttpRequestCachePolicy policy = new HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore);
HttpWebRequest.DefaultCachePolicy = policy;
byte[] buffer = Encoding.UTF8.GetBytes(postData);
//Initialisation
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(url);
WebReq.Timeout = 10000;
//method is post
if (useproxy == "ON")
{
WebProxy myProxy = new WebProxy();
// Create a new Uri object.
Uri newUri = new Uri(proxy);
// Associate the new Uri object to the myProxy object.
myProxy.Address = newUri;
WebReq.Proxy = myProxy;
}
WebReq.KeepAlive = false;
WebReq.Method = "POST";
WebReq.ContentType = "application/x-www-form-urlencoded";
//The length of the buffer
WebReq.ContentLength = buffer.Length;
Stream PostData = WebReq.GetRequestStream();
//write, and close.
PostData.Write(buffer, 0, buffer.Length);
PostData.Close();
//Get the response handle
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
Console.WriteLine(WebResp.StatusCode);
Console.WriteLine(WebResp.Server);
//Do not worry about response!.
//read the response (the string), and output it.
Stream Answer = WebResp.GetResponseStream();
StreamReader _Answer = new StreamReader(Answer);
vystup = _Answer.ReadToEnd();
if (vystup != "OK")
{
}
}
catch (WebException ex)
{
Console.WriteLine(ex);
}
Is there any workaround for the certificate or my app or in IIS that would resolve this? Presumably its C# not trusting the certificate but this is my first go at Https.
Any info at all is welcome.
By default, the .NET certificate policy will reject any unverified or untrusted server certificates, since 99% of the time that's what you want. (The only "bad" certificates that get through by default are expired, but otherwise valid ones.)
You have a few options, depending on the scale of the deployment you're talking about.
Install the server's certificate on the client as a trusted root certificate. For testing, this is hands down the easiest option, and I do it all the time with my dev machine's IIS and IIS Express certificates. Horrible idea for production though.
Use an internal CA to generate certificate; if you work for a company that has an Active Directory setup, the AD servers can act as a CA, and you can use group policy to push the AD server's CA root out to clients automatically. If you're deploying something internally, this is a good way to go because it's pretty cheap :)
Implement a ServerCertificateValidationCallback on the ServicePointManager
class that ignores any SSL errors. The only real pitfall here is that this is a global setting, so every use of the WebRequest
classes will use your custom validation callback.