When using WCF services over HTTPS with a self-signed or otherwise invalid SSL certificate, WCF can throw an exception of type SecurityNegotiationException that says:
Could not establish trust relationship for the SSL/TLS secure channel with authority […].
To instruct WCF to accept all certificates, use the following code before consuming any services:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, errors) => true;
Self-signed certificates are often used in development environments. For security reasons, never use the code above in a production environment: the callback is a static, process-wide setting, so it turns off certificate validation for every HTTPS connection the application makes. Instead, always use valid certificates and prohibit any communication in case of certificate problems!
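A narrower alternative for development machines, as an added example (not code from the original post): a failing certificate is accepted only when it comes from one named host and matches a pinned SHA-256 fingerprint, and everything else goes through normal validation. The class name, `DevHost` and `PinnedSha256` are hypothetical placeholders, and the code assumes the .NET Framework behaviour where `sender` is the `HttpWebRequest`.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DevCertificatePinning
{
    // Hypothetical values: replace with your development host and the
    // SHA-256 fingerprint (hex, no separators) of its self-signed certificate.
    const string DevHost = "dev.example.test";
    const string PinnedSha256 = "<SHA-256-FINGERPRINT-OF-DEV-CERTIFICATE>";

    // Call once at startup, before any service proxy is opened.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(Validate);
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation are always accepted.
        if (errors == SslPolicyErrors.None)
            return true;

        // Assumption: for HTTPS calls the sender is the HttpWebRequest.
        // Anything else is rejected rather than trusted.
        var request = sender as HttpWebRequest;
        if (request == null || cert == null)
            return false;

        // Make an exception only for the one development host...
        if (!string.Equals(request.Address.Host, DevHost,
                           StringComparison.OrdinalIgnoreCase))
            return false;

        // ...and only when it presents exactly the pinned certificate.
        using (var sha256 = SHA256.Create())
        {
            string actual = BitConverter
                .ToString(sha256.ComputeHash(cert.GetRawCertData()))
                .Replace("-", "");
            return string.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

The callback is a multicast delegate, so when several handlers are registered with `+=` the return value of the last one decides; make sure no accept-all handler is registered alongside this one.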
3 responses to “WCF Services over HTTPS: Programmatically accept self-signed or invalid SSL certificates”
I tried to use your code snippet to programmatically force the client to accept the self-signed certificate:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, errors) => true;
and got the following error message:
Error 1 Operator ‘+=’ cannot be applied to operands of type ‘System.Net.Security.RemoteCertificateValidationCallback’ and ‘lambda expression’ c:\documents and settings\217216×713184\my documents\visual studio 2010\Projects\IvrAdminServiceTestClient\IvrAdminServiceTestClient\Form1.cs 24 13 IvrAdminServiceTestClient
Any idea how to fix this? Thanks in advance. 🙂
I finally got it to work with a variation on the code you suggested. I found this code over at http://stackoverflow.com/questions/2792539/is-it-possible-to-force-the-wcf-test-client-to-accept-a-self-signed-certificate
ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(EasyCertCheck);
bool EasyCertCheck(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error) { return true; }
Thank you so much! It solved my problem.