Menu
To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.
If you go to Tools -> Internet Options, Advanced tab, and scroll to the bottom, you'll find an option to "Warn about certificate address mismatch", which you can disable; the change will take effect after you restart IE, and should stop the browser from complaining about the cert.
For anyone interested in applying this solution on a per request basis, this is an option and uses a Lambda expression. The same Lambda expression can be applied to the global filter mentioned by blak3r as well. This method appears to require .NET 4.5.
String url = "https://www.stackoverflow.com";
HttpWebRequest request = HttpWebRequest.CreateHttp(url);
request.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
In .NET 4.0, the Lambda Expression can be applied to the global filter as such
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
Since there is only one global ServicePointManager, setting ServicePointManager.ServerCertificateValidationCallback will yield the result that all subsequent requests will inherit this policy. Since it is a global "setting" it would be prefered to set it in the Application_Start method in Global.asax.
Setting the callback overrides the default behaviour and you can yourself create a custom validation routine.
This worked for me:
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
delegate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
System.Security.Cryptography.X509Certificates.X509Chain chain,
System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true; // **** Always accept
};
Snippet from here: http://www.west-wind.com/weblog/posts/2011/Feb/11/HttpWebRequest-and-Ignoring-SSL-Certificate-Errors
Also there is the short delegate solution:
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
Just incidentally, this is a the least verbose way of turning off all certificate validation in a given app that I know of:
ServicePointManager.ServerCertificateValidationCallback = (a, b, c, d) => true;
Rather than adding a callback to ServicePointManager which will override certificate validation globally, you can set the callback on a local instance of HttpClient. This approach should only affect calls made using that instance of HttpClient.
Here is sample code showing how ignoring certificate validation errors for specific servers might be implemented in a Web API controller.
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class MyController : ApiController
{
// use this HttpClient instance when making calls that need cert errors suppressed
private static readonly HttpClient httpClient;
static MyController()
{
// create a separate handler for use in this controller
var handler = new HttpClientHandler();
// add a custom certificate validation callback to the handler
handler.ServerCertificateCustomValidationCallback = ((sender, cert, chain, errors) => ValidateCert(sender, cert, chain, errors));
// create an HttpClient that will use the handler
httpClient = new HttpClient(handler);
}
protected static ValidateCert(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
// set a list of servers for which cert validation errors will be ignored
var overrideCerts = new string[]
{
"myproblemserver",
"someotherserver",
"localhost"
};
// if the server is in the override list, then ignore any validation errors
var serverName = cert.Subject.ToLower();
if (overrideCerts.Any(overrideName => serverName.Contains(overrideName))) return true;
// otherwise use the standard validation results
return errors == SslPolicyErrors.None;
}
}
For .net core
using (var handler = new HttpClientHandler())
{
// allow the bad certificate
handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) => true;
using (var httpClient = new HttpClient(handler))
{
await httpClient.PostAsync("the_url", null);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With