[Mono-list] self signed certificate

Jonathan Pryor jonpryor at vt.edu
Fri Oct 25 14:03:36 UTC 2013


On Oct 24, 2013, at 6:02 PM, Edward Ned Harvey (mono) <edward.harvey.mono at clevertrove.com> wrote:
> All the guides out there that I can find tell people to use "makecert," which isn't an option.  Or use openssl.

Why aren't those options? It shouldn't matter how you create the cert, as long as you have one...

...except that the normal System.Net stack wants a "valid" certificate chain lest it start throwing exceptions, and it'll start throwing exceptions with your self-signed cert.

The workaround for this is to set the System.Net.ServicePointManager.ServerCertificateValidationCallback property [0, 1] to a delegate which will check that the certificate you're getting from the server matches what your app expects. If it does, it can return `true` and the certificate will be used anyway, allowing you to use a self-signed cert. If the delegate returns `false`, the connection will be refused, as normal.

 - Jon

[0]: http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx
[1]: http://msdn.microsoft.com/en-us/library/system.net.security.remotecertificatevalidationcallback.aspx
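
Added example (not part of the message above, and not Mono project code): one way to write the callback it describes, accepting a self-signed certificate only when its SHA-256 fingerprint matches a pinned value and only for one host. PinnedHost and PinnedSha256 are placeholders to replace with your own server's values.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertDemo
{
    // Placeholders (assumptions, not from the original post).
    const string PinnedHost = "internal.example.test";
    // SHA-256 over the certificate's DER bytes, hex, no separators.
    const string PinnedSha256 = "REPLACE_WITH_SHA256_FINGERPRINT_OF_YOUR_CERT";

    // The documented sender is either a host name string or a WebRequest-derived object.
    static string HostOf(object sender)
    {
        var name = sender as string;
        if (name != null) return name;
        var req = sender as WebRequest;
        return req != null ? req.RequestUri.Host : null;
    }

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // The platform already validated chain and name: accept as normal.
        if (errors == SslPolicyErrors.None) return true;
        // No certificate presented: nothing to compare against.
        if (cert == null) return false;
        // The callback is process-wide, so relax validation for the pinned host only.
        if (!string.Equals(HostOf(sender), PinnedHost, StringComparison.OrdinalIgnoreCase))
            return false;

        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(cert.GetRawCertData());
            string actual = BitConverter.ToString(digest).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    static void Main()
    {
        // Install once at startup; later HttpWebRequest/WebClient calls go through Validate.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        Console.WriteLine("Pinned certificate validation installed for " + PinnedHost);
    }
}
```

Every other host still gets the default result, because the callback returns true for it only when the platform reported no policy errors.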


