The remote certificate is invalid according to the validation procedure

Solution 1

This usually occurs because one of the following is true:

  • The certificate is self-signed and not added as a trusted certificate.
  • The certificate is expired.
  • The certificate is signed by a root certificate that's not installed on your machine.
  • The certificate is signed using the fully qualified domain address of the server. Meaning: cannot use "xyzServerName" but instead must use "xyzServerName.ad.state.fl.us" because that's basically the server name as far as the SSL cert is concerned.
  • A revocation list is probed, but cannot be found/used.
  • The certificate is signed via intermediate CA certificate and server does not serve that intermediate certificate along with host certificate.

Try getting some information about the certificate of the server and see if you need to install any specific certs on your client to get it to work.
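One way to get that information, as an added example that is not part of the original answer: a small probe that opens the TLS connection itself and prints why validation failed, without overriding the verdict. The host name `pop.example.com`, port 995 and the class name `CertProbe` are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class CertProbe
{
    // Prints the failure reason; the platform's decision is returned unchanged.
    // RemoteCertificateNameMismatch   -> host name used does not match the certificate
    // Chain status UntrustedRoot      -> self-signed, or root CA not installed
    // Chain status NotTimeValid       -> expired (or not yet valid)
    // Chain status PartialChain       -> intermediate CA certificate not served
    // RevocationStatusUnknown/OfflineRevocation -> revocation list unreachable
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine($"Policy errors: {errors}");
        if (cert == null) return false;

        var leaf = new X509Certificate2(cert);
        Console.WriteLine($"Subject: {leaf.Subject}");
        Console.WriteLine($"Issuer : {leaf.Issuer}");
        Console.WriteLine($"Valid  : {leaf.NotBefore:u} to {leaf.NotAfter:u}");

        if (chain != null)
            foreach (X509ChainElement element in chain.ChainElements)
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.WriteLine($"  {element.Certificate.Subject}: {status.Status} {status.StatusInformation?.Trim()}");

        return errors == SslPolicyErrors.None;
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "pop.example.com"; // placeholder host (assumption)
        int port = args.Length > 1 ? int.Parse(args[1]) : 995;       // assumed POP3-over-TLS port

        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, Report))
        {
            // The name passed here is the one the certificate is matched against.
            try { ssl.AuthenticateAsClient(host); Console.WriteLine("Handshake OK"); }
            catch (AuthenticationException ex) { Console.WriteLine($"Handshake rejected: {ex.Message}"); }
        }
    }
}
```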

Solution 2

Even shorter version of the solution from Dominic Zukiewicz:

ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;

But this means that you will trust all certificates. For a service that isn't just run locally, something a bit smarter will be needed. In the first instance you could use this code to just test whether it solves your problem.

Solution 3

.NET is seeing an invalid SSL certificate on the other end of the connection. There is a workaround for it, but obviously not recommended for production code:

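using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Put this somewhere that runs only once, such as an initialization method
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateCertificate);
...

// Accepts every certificate regardless of the reported errors
static bool ValidateCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
   return true;
}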

Solution 4

I had the same problem while I was testing a project, and it turned out that running Fiddler was the cause of this error!

If you are using Fiddler to intercept the http request, shut it down ...

This is one of the many causes of such an error.

To fix Fiddler you may need to Reset Fiddler Https Certificates.

Solution 5

You must check the certificate hash code.

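// GetCertHashString() returns the certificate's SHA-1 thumbprint as a hex string.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) =>
{
    var hashString = certificate.GetCertHashString();
    if (hashString != null)
    {
        // Accept the connection only when the thumbprint matches the expected value.
        var certHashString = hashString.ToLower();
        return certHashString == "dec2b525ddeemma8ccfaa8df174455d6e38248c5";
    }
    return false;
};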
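A variant of the hash check scoped to a single connection, as an added example that is not part of the original answer. It uses the `Pop3Client.Connect` overload with a `certificateValidator` parameter that appears in the question's stack trace. The thumbprint placeholder, the 60000 ms timeouts, the class name `PinnedPop3` and the availability of `GetCertHashString(HashAlgorithmName)` (.NET Framework 4.8 or .NET Core 2.0 and later) are assumptions.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using OpenPop.Pop3;

static class PinnedPop3
{
    // Placeholder: SHA-256 thumbprint of the expected server certificate (hex, no separators).
    const string ExpectedSha256 = "<SHA256-THUMBPRINT-OF-YOUR-SERVER-CERTIFICATE>";

    static bool ValidatePinned(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // normal validation passed
        if (cert == null || chain == null) return false;

        // Tolerate chain errors only; a name mismatch or missing certificate still fails.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        // The only chain problem accepted is an untrusted root (self-signed or private CA).
        // Expired, revoked or otherwise broken chains are rejected even if the pin matches.
        foreach (X509ChainStatus status in chain.ChainStatus)
            if (status.Status != X509ChainStatusFlags.UntrustedRoot) return false;

        string actual = cert.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, ExpectedSha256, StringComparison.OrdinalIgnoreCase);
    }

    public static void Connect(string host, int port)
    {
        using (var client = new Pop3Client())
        {
            // Validator applies to this connection only, not to every request in the process.
            // Timeouts are assumed to be in milliseconds.
            client.Connect(host, port, true, 60000, 60000, ValidatePinned);
        }
    }
}
```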
Author by

Elad Benda

Updated on July 05, 2022

Comments

  • Elad Benda
    Elad Benda almost 2 years

    Running the following code, I get an exception:

    using (var client = new Pop3Client())
    {
        client.Connect(provider.ServerWithoutPort, provider.Port, true);
    }
    

    The Exception I get:

    The remote certificate is invalid according to the validation procedure.
    
    
       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
       at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
       at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl, Int32 receiveTimeout, Int32 sendTimeout, RemoteCertificateValidationCallback certificateValidator)
       at OpenPop.Pop3.Pop3Client.Connect(String hostname, Int32 port, Boolean useSsl)
       at Ugi.Server.Sources.Logic.SourcesService.IsValidPop3Connection(String email, String emailPassword) in C:\Users\elad\Documents\Visual Studio 2010\Projects\SVN\UGI\Ugi\Server\Sources\Logic\SourcesService.cs:line 246
    
    • Gilles
      Gilles about 10 years
      @BoPersson except that other question has a horrible accepted upvoted answer.
  • B.K.
    B.K. over 10 years
    I get prompted twice. Once upon connection and once upon file upload. Is that normal? I inserted the code per your instructions. One at initialization and one in my FTP class.
  • Jerico Sandhorn
    Jerico Sandhorn almost 9 years
    You should never recommend this approach toward solving trust without explaining the risks.
  • Squazz
    Squazz over 7 years
    Keep coming back to this. Root certificate, every time. Thanks a bunch! :D
  • Squazz
    Squazz over 7 years
    See this answer for why you should only do this in rare cases: stackoverflow.com/a/6613434/1955317
  • Squazz
    Squazz about 7 years
    Damn... Back here again, and this time it's none of the above points :/
  • XYZ
    XYZ almost 7 years
    @Squazz: did you resolve it? any new points to add?
  • Squazz
    Squazz almost 7 years
    Unfortunately not @XYZ, we ended up doing something else :/
  • WooHoo
    WooHoo over 6 years
    The link to Resetting the Fiddler Https Certificates worked for me, thanks.
  • BozoJoe
    BozoJoe over 6 years
    seems rather obvious to NOT use in production. But to get moving in development this is a god-send
  • BozoJoe
    BozoJoe over 6 years
    hooray ServicePointManager to the rescue again in development
  • vbezhenar
    vbezhenar almost 5 years
    * The certificate is signed via intermediate CA certificate and server does not serve that intermediate certificate along with host certificate.
  • Anders Abel
    Anders Abel almost 5 years
    @vbezhenar Thanks, I'll edit that point into the answer.
  • Andrew T Finnell
    Andrew T Finnell over 4 years
    I'm running into this issue now, and I've put the Self-Signed CA into both the Admin Trusted Root store, and the User Trusted Root Store. It still rejects the certificate. I am connecting to the server using 'my-server' and the Certificate is signed for 'my-server'. It's unfortunate the reason it rejects it isn't more clear.
  • Reyan Chougle
    Reyan Chougle almost 4 years
    Thanks @Squazz for sharing the link
  • user224567893
    user224567893 over 3 years
    the reason I was getting this error had nothing to do with the cert (the cert was fine), but the endpoint that I was using in the outgoing request was incorrect
  • Eugene Ryabtsev
    Eugene Ryabtsev over 3 years
    Having this issue right now with RemoteCertificateNameMismatch in sslPolicyErrors. It seems the subject name does not match and alt names are not fully checked (the name is there in alts as the subject IP address and it works in the browser). Works with DNS name though. This seems to be fixed in latest .NET and/or Windows.
  • Abuzar Ansari
    Abuzar Ansari over 2 years
    Thank you so much @brimble2010 , it has taken 2 days to work on development environment.
  • Dan Chase
    Dan Chase over 2 years
    @BozoJoe said another way, "only do this if this is a school project", otherwise I can't imagine its place.
  • Morgeth888
    Morgeth888 over 2 years
    adding this here to help folks and answers are locked but if you're using HttpClient and dotnet core you will need to do something like this instead, again not a safe solution but handy for local dev concepts; HttpClientHandler handler = new HttpClientHandler(); handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; _client = new HttpClient(handler);
  • tgolisch
    tgolisch over 2 years
    This approach also allows you other options for inspecting the X509Certificate before deciding to (always) return true
  • Jimbo
    Jimbo about 2 years
    You, my friend, are a champion :) quick and simple fix to a potentially overwhelming issue!