0

I have the following test service:

https://197.253.5.218/OnlineIntegration/DBConnect.asmx

Opening it in any browser gives this warning

"There is a problem with this website’s security certificate"

However, I can ignore the warning and view the web service description.

Accessing same from code throws this exception: 

Message=System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority '197.253.5.218'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Please is there an option to bypass such faulty security certificate from code?

Thanks.

Charles Okwuagwu
  • 10,538
  • 16
  • 87
  • 157
  • This may be a BAD idea - certificates exist for a reason. A faulty certificate may signify a hacked site. In the browser, it's the *user's* responsibility to accept or not to connect. In code, you *can't* arbitrarily decide to bypass security, nor decide that you trust the IP - what if a hacker broke into the *corporate* network and installed malware? – Panagiotis Kanavos Sep 04 '15 at 08:43
  • IF you trust the certificate, install it on your machine so you don't get the error. While you *can* disable certificate validation, it shouldn't be done except in *very* limited and controller scenarios. The danger of accidentally releasing software that doesn't properly check certificates is too great – Panagiotis Kanavos Sep 04 '15 at 08:46
  • sadly it is the service provided by a client for us to integrate with. I cannot for them to make changes. hence the need for a workaround. I am testing remotely. maybe once deployed to site on the same network these errors might stop. but for now i need a workaround. – Charles Okwuagwu Sep 04 '15 at 08:47
  • I think you are in a wrong way... One of the purposes of certicate is to prevent man in the middle attack. By ignoring it you are openning a hole in your security. In case if you currently do not have a certifcate for the 197.253.5.218 machine I would suggest to generate a test certificate. See for example here http://blogs.msdn.com/b/benjaminperkins/archive/2014/05/05/make-your-own-ssl-certificate-for-testing-and-learning.aspx In case you have a certificate, but for the different computer, you can playaround with C:\Windows\System32\drivers\etc\hosts file on you client and server side – Yaugen Vlasau Sep 04 '15 at 08:49
  • First, you *can* install the certificate on your machine, from inside your browser even. It doesn't matter that you are debugging remotely. If and *only* if you can't install it, should you try to disable certificate validation, but you should make absolutely certain you control it with a setting eg in web.**debug**.config to avoid releasing it to production – Panagiotis Kanavos Sep 04 '15 at 08:50

0 Answers0