Disable certification validation on client side of WCF


Solution 1

If you are making a request to the server from the client application, call the lines below before making the service request to avoid the certification check.

Using this code will bypass the SSL validation error caused by a self-signed certificate.

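using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
// Process-wide: accepts every server certificate, whatever validation errors were reported
System.Net.ServicePointManager.ServerCertificateValidationCallback =
    delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    { return true; };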

Note: Use this for testing purposes only; for an actual application, use a valid SSL certificate.

Solution 2

The solution presented by sudhAnsu63 should work for you.

Alternatively, since you are using Message security you could add this to the client configuration file:

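<clientCredentials>
   <!-- Inside the client's endpoint behavior; turns off validation of the service certificate -->
   <serviceCertificate>
      <authentication certificateValidationMode="None" />
   </serviceCertificate>
</clientCredentials>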
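Both solutions above accept any certificate. As an added example (not code from either answer), the sketch below pins the service's self-signed certificate instead, so only that one certificate is accepted. The class name, method names and the SHA-256 hash passed in by the caller are assumptions for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper: accepts exactly one certificate, identified by the
// SHA-256 hash of its DER encoding (the "pin").
public sealed class PinnedCertificateValidator : X509CertificateValidator
{
    private readonly byte[] _pin;

    public PinnedCertificateValidator(string sha256Hex)
    {
        if (sha256Hex == null || sha256Hex.Length != 64)
            throw new ArgumentException("Expected 64 hex characters (SHA-256).", nameof(sha256Hex));
        _pin = Enumerable.Range(0, 32)
            .Select(i => Convert.ToByte(sha256Hex.Substring(i * 2, 2), 16)).ToArray();
    }

    public bool Matches(X509Certificate certificate)
    {
        if (certificate == null) return false;
        using (var sha = SHA256.Create())
            return sha.ComputeHash(certificate.GetRawCertData()).SequenceEqual(_pin);
    }

    // Message security: WCF calls this for the service certificate when the mode is Custom.
    public override void Validate(X509Certificate2 certificate)
    {
        if (!Matches(certificate))
            throw new SecurityTokenValidationException("Service certificate does not match the pinned hash.");
    }

    // Replaces certificateValidationMode="None" on a generated proxy.
    public void ApplyToMessageSecurity<T>(ClientBase<T> client) where T : class
    {
        var auth = client.ClientCredentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = this;
    }

    // Replaces "return true" in the HTTPS callback. The callback is process-wide,
    // so every HTTPS connection in the process must then present the pinned certificate.
    public void ApplyToTransport()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) => Matches(cert);
    }
}
```

The pin has to be updated whenever the service certificate is reissued, otherwise every call fails validation.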
Author by

Sebastian Busek

Updated on June 09, 2022

Comments

  • Sebastian Busek almost 2 years

    I have 2 apps running inside IIS - Client and Service. Service is running just fine, but client isn't.

    They talk to each other through WCF with message security relying on certificates (it isn't transport security, it's just message security). Both are using self-signed certificates.

    But client ends up with error:

    System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate ... is not in the trusted people store. The X.509 certificate ... chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

    I know how to disable certificate validation on service side and I did it, but how can I disable CA validation on client side?

  • Derek W about 9 years
    This is definitely the most general approach to solving the cited problem. Although I do have a slight grievance with self-signed certificates being called invalid. Self-signed certificates still fulfill the same functionality. The issue is more that self-signed certificates in nature are not trusted since they fail the signature hierarchy check, but they are certainly valid. Depending on the context of the application, certificate pinning may be an appropriate alternative and the whole chain of trust could be bypassed while providing the same core functionality of a CA signed certificate.
  • KHeaney about 9 years
    The question seems to indicate that the OP does not have the ability to dictate a user to make adjustments to their computer like that. As such I would not consider this a correct answer. Also if you have a question please ask it separately here: stackoverflow.com/questions/ask and not in an answer to another question.
  • Boric almost 9 years
    It is important to note that this only works if you are using Message security, and not SSL. webservices20.blogspot.com/2008/12/…
  • Derek W almost 9 years
    This is already noted in the answer. "Alternatively, since you are using Message security...". Sorry, it was not the solution for you. Did the other solution provided by sudhAnsu63 work?
  • aruno about 7 years
    So you can't do it in the binding configuration / elsewhere in config? I have this in a billion places and want to disable it.
  • aruno about 7 years
    This doesn't actually seem to work for me anyway, even when I try to do this.
  • Tigerware about 5 years
    I had those settings set for a generated proxy. That did work for me.