How can you verify validity of an HTTPS/SSL certificate in .NET?
It doesn't get called because you're setting the ValidationCallback
after you've already made the request.
Change it to this:
HttpWebRequest request = WebRequest.CreateHttp( url );
request.ServerCertificateValidationCallback += ServerCertificateValidationCallback;
using( HttpWebResponse response = (HttpWebResponse)request.GetResponse() ) { }
Console.WriteLine("End");
...and it will work.
NickG
ASP.NET Website Developer for a small software company in Winchester, Hampshire (UK).
Updated on June 09, 2022Comments
-
NickG almost 2 years
How can you verify validity of an HTTPS/SSL certificate in .NET?
Ideally I want to establish an HTTPS connection to a website and then find out if that was done in a valid way (certificate not expired, host name matches, certificate chain trusted etc), but the built in HTTP Client seems to ignore certificate errors (and I'm not sure that physically downloading a web page is necessary to verify a certificate?).
I've tried to use the code below (adapted from an answer in the comments) but the ValidationCallback never gets called:
static void Main(string[] args) { String url = "https://www.example.com"; HttpWebRequest request = WebRequest.CreateHttp(url); request.GetResponse(); request.ServerCertificateValidationCallback += ServerCertificateValidationCallback; Console.WriteLine("End"); Console.ReadKey(); } private static bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) { Console.WriteLine("Certificate OK"); return true; } else { Console.WriteLine("Certificate ERROR"); return false; } }