R
Rob Edwards
I am consuming a webservice over a secure HTTPS channel. The secure channel
is using a certificate from an internal root authority so it is not publicly
trusted. This is fine as it is intended to be used only internally. The
problem i am having is that i get the standard "Cannot establish connection
error" even though i went to the issuing authority server and installed the
certificates to set it as a trusted authority. Once i did that, the issue
of not coming from a trusted authority stopped showing up in Internet
Explorer and Firefox, but still seems to be an issue in the web service.
I did go ahead and create an internal class that derived from
ICertificatePolicy that did a return true in the CheckValidationResult, but
i know this is insecure. All i seem to be able to find online is references
to this shortcut to "Get it working for now". How to i make it secure so it
accepts this certificate and not just blindly trust everything?
Thanks,
Rob
is using a certificate from an internal root authority so it is not publicly
trusted. This is fine as it is intended to be used only internally. The
problem i am having is that i get the standard "Cannot establish connection
error" even though i went to the issuing authority server and installed the
certificates to set it as a trusted authority. Once i did that, the issue
of not coming from a trusted authority stopped showing up in Internet
Explorer and Firefox, but still seems to be an issue in the web service.
I did go ahead and create an internal class that derived from
ICertificatePolicy that did a return true in the CheckValidationResult, but
i know this is insecure. All i seem to be able to find online is references
to this shortcut to "Get it working for now". How to i make it secure so it
accepts this certificate and not just blindly trust everything?
Thanks,
Rob