There are lots of suggestions on how to do this in your code by coding a delegate method to accept all server certificates regardless of origin:
I don't want to do this, though, because this same code will be rolled out to production and it seems sloppy to me to allow all certificates to validate carte blanche.
ServicePointManager.ServerCertificateValidationCallback =
delegate(object sender, X509Certificate certificate, X509Chain chain,
SslPolicyErrors sslPolicyErrors) { return true; };
So, I set out to download the internal SSL certificate and install it in the client computer's Trusted Root Certification Authorities cache. That still doesn't work!
Thanks to Ferry Onderwater's entry at http://www.arcencus.nl/Blogs/tabid/105/EntryID/39/Default.aspx, I see now where I went astray. By default, the Certificate snap-in installs certificates for the current user only. I needed all users to trust the certificate.
Solution:
- Start a new MMC.
- File --> Add/Remove Snap-In...
- Click Add...
- Choose Certificates and click Add.
- Check the "Computer Account" radio button. Click Next.
- Choose the client computer in the next screen. Click Finish.
- Click Close.
- Click OK.
- NOW install the certificate into the Trusted Root Certification Authorities certificate store. This will allow all users to trust the certificate.
10 comments:
Hi,
thank you. This saved my day.
I had this error message on our SharePoint Server 2007 on the Indexing Server
Best regards
Patrick Lamber
-------------------------------------
http://patricklamber.blogspot.com (SharePoint, ASP.NET, PowerShell)
Thanks!
I am still facing issue with the same even tough I have my self signed certificate available in localcomputer and local user but still getting the same error.. ANy resolution?
Cheers Awesome
Hello,
The mail client i'm using was not working with SSL/TLS in system account.
This article solved my problem.
Thanks a lot.
Thansk man.
Now it's work fine.
For those who still experience problems:
in my case I used certificate for local web site.
to solve validation issue it was required to create mapping in "C:\System32\drivers\etc\host" for localhost (127.0.0.1).
Then use certificate name in web url: instead of https://localhost:413/.... use https://CertificateName:413/....
Thanks Dave, that worked for me !
Thanks
Post a Comment