
Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?


I'm attempting to send emails programmatically using SmtpClient.Send. I am currently getting an AuthenticationException when attempting to send the email. This is because of the certificate validation procedure failing.

I know that the certificate is the correct one, but I also understand that it's not secure to trust all certificates much like the suggestions of doing this:

ServicePointManager.ServerCertificateValidationCallback += 
     (sender, certificate, chain, sslPolicyErrors) => { return true; };

So I was wondering if testing the Thumbprint for a known valid certificate thumbprint is secure enough, like so:

ServicePointManager.ServerCertificateValidationCallback +=
     (sender, certificate, chain, sslPolicyErrors) =>
     {
         if (sslPolicyErrors == SslPolicyErrors.None)
             return true;
         else if (certificate.GetCertHashString().Equals("B1248012B10248012B"))
             return true;

         return false;
     };

Solution

  • Yes.

    The thumbprint is a SHA1 hash of the certificate, and while not absolutely impossible, is extremely difficult to forge.

    In technical terms, there are currently no known feasible second-preimage attacks on SHA1.

    However, if in any doubt, you may store the whole certificate, perhaps using the fingerprint as a key. Then you can compare the whole certificate against your stored, trusted certificate.
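
The answer's last suggestion (store the whole trusted certificate, keyed by its fingerprint, and compare the complete certificate) written out as an added example; it is not code from the question or the answer. The class name `PinnedCertificateValidator` and the file path `trusted-smtp-server.cer` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public sealed class PinnedCertificateValidator
{
    // Thumbprint (hex string from GetCertHashString) -> full DER bytes of the trusted certificate.
    private readonly Dictionary<string, byte[]> _trusted =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase);

    public void Trust(X509Certificate certificate)
    {
        _trusted[certificate.GetCertHashString()] = certificate.GetRawCertData();
    }

    public bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Normal chain and host-name validation succeeded: nothing to override.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        if (certificate == null)
            return false;

        // The thumbprint only selects the stored entry; the decision rests on
        // the presented certificate matching the stored one byte for byte.
        byte[] expected;
        if (!_trusted.TryGetValue(certificate.GetCertHashString(), out expected))
            return false;
        return expected.SequenceEqual(certificate.GetRawCertData());
    }
}

public static class Program
{
    public static void Main()
    {
        var validator = new PinnedCertificateValidator();
        // Hypothetical path: the server certificate, exported once over a trusted channel.
        validator.Trust(new X509Certificate2("trusted-smtp-server.cer"));

        // With several handlers attached via "+=", the result is the return value of
        // the last one invoked; "=" makes this validator the only handler at this point.
        ServicePointManager.ServerCertificateValidationCallback = validator.Validate;
    }
}
```

The stored file has to be replaced whenever the server's certificate is renewed, because the renewed certificate no longer matches byte for byte.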