Force HttpClient to trust single Certificate

Question

Can you force HttpClient to only trust a single certificate?

I know you can do:

WebRequestHandler handler = new WebRequestHandler();
X509Certificate2         


        

Answer 1

For anyone who comes across this in the future tou should be aware that some certificate authorities will no longer reissue certificates with the same public key when the certificate is renewed. We had this problem specifically with Globalsign who left us with the very difficult logistical problem of updating the client software with new public key pinning details for all our customers in a very short space of time, despite their published policy documents saying that they provided the option to reuse the public key. If this may be an issue for you confirm your certificate provider's policy in advance, and don't use Globalsign!