.NET client connecting to ssl Web API

Question

I have a ASP.NET Web API which I\'d like to use with ssl. Currently the server is using a self-signed cert, and at this moment both http and https are allowed. I have a very

Answer 1

This error message means that the client does not trust the server cert during the SSL handshake. Some browsers are a little more forgiving and give you a "Red bar", but calling from code will result in a 401 and a rejected call.

You do not need to do anything with the client cert settings in IIS (because I assume you are not using a client cert).

This exception message is telling you that the self-signed cert chain is rejected when validating on the client. You might be about to get around this by exporting (without the private key), the self-signed cert and installing it on the client machine as a root cert.

If this doesn't work, you need to make a new CA (certificate authority cert) and then generate a new server cert that is signed with the CA. This CA would finally have to be installed on the client machine as a root cert.

This is a good post that shows the process using makecert and pvk2pfx.

EDIT: It looks like there might be a way to configure HttpClient to ignore SSL errors. But, I would strongly suggest that you try to not to have SSL errors from the start.

Answer 2

This worked for me. Just add the following before the call to GetAsync.

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

This will ignore the SSL errors. This is only recommended in an intranet environment or other closed network where server identities can't be forged.

Answer 3

Take a look at the C# Ignore certificate errors SO question. I believe you can add a certificate validation handler using ServicePointManager to circumvent certificate validation. It would probably be a good idea to use a signed certificate within your production environment though.

ServicePointManager
    .ServerCertificateValidationCallback += 
    (sender, cert, chain, sslPolicyErrors) => true;