[Mono-list] Ssl cert validation

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Mon Mar 17 20:39:13 UTC 2014

This is frustrating me to no end.  Can anybody shed any light?

I have a server and client application, using signed trusted cert, and it all works fine on windows.  I understand (but I'm surprised) that mono trusts no root CA's, so you have to "mozroots --import --sync" if you want to change that.  And I confirm after doing that, I have a bunch of stuff under ~/.config/.mono/certs/Trust/   ...  But still, the client is rejecting the server cert.

To eliminate possibility of errors with my cert, or server behavior etc, I have done this:  A really simple program to connect to a https website and see if SSL is working..

This still has SslPolicyErrors RemoteCertificateNotAvailable

using System;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

namespace FunWithSsl
                class MainClass
                                public static void Main (string[] args)
                                                string targetHost = "verisign.com";
                                                IPAddress[] addresses = Dns.GetHostAddresses (targetHost);
                                                var client = new TcpClient ();
                                                client.Connect (addresses [0],443);
                                                var mySslStream = new SslStream (client.GetStream(), false, ValidateServerCertificate);
                                                mySslStream.AuthenticateAsClient (targetHost, null, SslProtocols.Tls, false);
                                                System.Console.WriteLine ("Finished");
                                private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
                                                return true;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-list/attachments/20140317/b00729ec/attachment.html>

More information about the Mono-list mailing list