0

I'm writing a Web API that calls two different endpoints, both using HTTPS.

One of the endpoints (A) isn't using a proper certificate. Specifically, it's using a cert with a CN of *.foo.bar but the endpoint I'm connecting to is a.b.foo.bar. They're in the process of fixing it, but don't have a timeline on how long it will take, and we can't afford to wait for them to fix it to continue our functional testing.

How can I ignore SSL certificate errors when connecting to A, and not when connecting to B?

The current way I've seen it done during my research is to do something like

ServicePointManager.ServerCertificateValidationCallback =
    (sender, certificate, chain, errors) => true;

However I don't want to disable it for both endpoints, just A.

Zymus

2 Answers

0

Just implement a RemoteCertificateValidationCallback where you check to see if the sender is from endpoint A, and if it is, return true. Otherwise return true if there are no errors. Then set ServicePointManager.ServerCertificateValidationCallback to your newly created RemoteCertificateValidationCallback.

CSCoder
0

Inspired by the code of this SO answer, you can actually check for the origin certificate using, for example, the certificate thumbprint that you can get from their certificate:

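// Requires: using System; using System.Net; using System.Net.Security;
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) =>
{
    // Accept the one known certificate by thumbprint, even though it fails validation
    if (certificate.GetCertHashString().Equals("remote certificate thumbprint", StringComparison.OrdinalIgnoreCase))
        return true;
    // Every other certificate (e.g. endpoint B) must still pass normal validation
    return sslPolicyErrors == SslPolicyErrors.None;
};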

You can also potentially use other certificate properties to validate this, depending on your needs.

You can find out the Thumbprint value on the following screen if using Windows:

[Image: Thumbprint]

Benjamin Soulier
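An added example (not code from either answer) that combines the two suggestions above: the exception applies only to endpoint A's host, only to the name-mismatch error, and only to one pinned certificate, while every other connection keeps normal validation. The class name and the thumbprint placeholder are assumptions, and it assumes .NET Framework, where the callback's sender is the HttpWebRequest or a host-name string.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class EndpointACertPolicy
{
    // Host name taken from the question; the thumbprint is a placeholder to fill in.
    const string HostA = "a.b.foo.bar";
    const string PinnedThumbprint = "<THUMBPRINT-OF-ENDPOINT-A-CERT>";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Valid certificates (endpoint B and everything else) pass as usual.
        if (errors == SslPolicyErrors.None)
            return true;

        // The sender is either the originating HttpWebRequest or a host-name string.
        // Address (not RequestUri) reflects the host actually contacted after redirects.
        string host = (sender as HttpWebRequest)?.Address.Host ?? sender as string;
        if (host == null || certificate == null)
            return false;

        bool isHostA = string.Equals(host, HostA, StringComparison.OrdinalIgnoreCase);

        // Tolerate the name mismatch only; chain errors (expired, untrusted root) still fail.
        bool onlyNameMismatch = errors == SslPolicyErrors.RemoteCertificateNameMismatch;

        // Pin the exact certificate so another *.foo.bar certificate is not accepted for A.
        bool isPinnedCert = string.Equals(certificate.GetCertHashString(), PinnedThumbprint,
                                          StringComparison.OrdinalIgnoreCase);

        return isHostA && onlyNameMismatch && isPinnedCert;
    }

    public static void Install()
    {
        // Assign instead of "+=": with several subscribers only the last return value counts.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

Call `EndpointACertPolicy.Install()` once at startup and delete the class when endpoint A has a matching certificate.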