1

So I'm using a self-signed certificate on my localhost for HTTPS.

I'm running my Web Api 2 web service on it for testing while I develop a client website that links into the api but the client website can't establish a connection with the api because of trust issues concerning the certificate is self-signed and thus, not to be trusted.

Here's what Firefox says when I browse to the web service:

Firefox server certificate error

The client website is developed using MVC. So far I'm using WebClient to query data from the web service.

The code I'm currently working on to access the web server is a simple login. The MVC site sends the login data to the web service which uses it to select a record from the database. It sends the record back to the MVC site if it gets one.

Here's the code:

    private bool DoLogin(string EmailAddress, string Password)
    {
        WebClient client = new WebClient();
        NameValueCollection credentials = new NameValueCollection
        {
            { "EmailAddress", EmailAddress },
            { "Password", Password }
        };
        client.QueryString = credentials;
        string result = client.DownloadString(new Uri("https://localhost/mywebservice/api/User/"));

        // just return true so we can debug to see values
        return true;
    }

Currently I'm only getting a non-descript WebException that just says "Internal Server Error" (Status Code 503).

Its my understanding now that I need to use a certificate that isn't self-signed, but I can't create one in IIS. I'm trying to create a domain certificate but I'm confused about the Certification Authority and from what I understand, this isn't going to help me get my web app to accept the certificate anyway.

Anyway, as an alternative, I'm looking at this MSDN blog and I've done all those things to get it right (see screenshot below) but it doesn't seem to have helped anything as I still get the untrusted connection screen in my browser.

I'm pretty much at a loss what I should do now...

My computer's certificates

Ortund
  • 8,095
  • 18
  • 71
  • 139
  • Why run on HTTPS on local host? Why not just run it over HTTP? – mason Apr 28 '15 at 16:31
  • @mason its just for testing really – Ortund Apr 28 '15 at 16:35
  • 1
    Why are you testing HTTPS? I don't see a reason for that, as your application logic should be no different for HTTP vs HTTPS. Anyways, client browsers can certainly use self signed certificates. When you get the warning screen saying that it's self signed, you just proceed past it. You don't *have* to get your cert signed by the CA. Obviously in production you wouldn't use a self signed cert, but for testing it's just fine. – mason Apr 28 '15 at 16:38
  • What about the website I'm developing as a client app to the server? It doesn't care that I've created a security exception in my browser for the web service url... – Ortund Apr 28 '15 at 16:43
  • 1
    You didn't mention you had a client app. Just a client website. Since you have given me no idea how your app is put together, I can't tell you how to override it. – mason Apr 28 '15 at 16:45
  • My apologies. I thought I'd mentioned it... The client website is developed using MVC. So far I'm using WebClient to query data from the web service. – Ortund Apr 28 '15 at 16:50
  • 1
    What's the exception? Show your code. – mason Apr 28 '15 at 16:50
  • I believe FF is more ...strict about certs than other browsers. Check out Fiddler article on configuring cert - http://blogs.telerik.com/fiddler/posts/13-04-01/configuring-firefox-for-fiddler in addition to generic one. – Alexei Levenkov Apr 28 '15 at 16:53
  • Note that there are plenty answers on how to ignore SSL failures in C#/.Net code... Also your question have absolutely no indication of having problem with C#/`WebClient`... – Alexei Levenkov Apr 28 '15 at 16:56
  • If you are concerned about `HTTPS` thing, then try creating certificate with your hostname and hit the url `https:///`. – Arindam Nayak Apr 28 '15 at 16:56
  • If you want to allow all (ignore untrusted ones) SSL certificates (which you would do while testing on localhost with self-generated certs) you could tap into the `ServicePointManager.ServerCertificateValidationCallback`. – scheien Apr 28 '15 at 17:38
  • @AlexeiLevenkov so I've heard but I'm not having much luck finding them... The blog link I posted mentioned something about X509 certificates in the comments so I figure maybe I should look at that – Ortund Apr 28 '15 at 17:41
  • [Second result I found.](http://stackoverflow.com/questions/1301127/how-to-ignore-a-certificate-error-with-c-sharp-2-0-webclient-without-the-certi). Clearly you didn't look very hard. – mason Apr 28 '15 at 18:11
  • @mason next time I'm able to magic "how to ignore a certificate error in c#" out my ass, I'll let you know. Thanks for the link by the way. I'll look into it. Have had some connectivity issues today so only saw it now – Ortund Apr 29 '15 at 19:10

0 Answers0