How can I turn off certificate revocation for a WCF service's client? The client proxy was generated by wsdl.exe and inherits SoapHttpClientProtocol.
Go to Advanced tab and scroll down to the Security. Now uncheck Check for publisher's certificate revocation and Check for server certificate revocation* Note: We don't recommend this practice because it can leave you vulnerable to cyber attackers. Hit OK.
To check the revocation status of an SSL Certificate, the client connects to the URLs and downloads the CA's CRLs. Then, the client searches through the CRL for the serial number of the certificate to make sure that it hasn't been revoked.
I think you're looking for ServicePointManager.ServerCertificateValidationCallback
:
http://msdn.microsoft.com/en-gb/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx
Which takes a RemoteCertificateValidationCallback
Delegate:
http://msdn.microsoft.com/en-gb/library/system.net.security.remotecertificatevalidationcallback.aspx
I've never dealt with a revoked certificate before (I have hand to handle other issues such as expired SSL's), but I'm guessing you'd just do something like:
class Program
{
static void Main(string[] args)
{
ServicePointManager.ServerCertificateValidationCallback +=
new RemoteCertificateValidationCallback(ValidateCertificate);
// Do WCF calls...
}
public static bool ValidateCertificate(object sender, X509Certificate cert,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if(sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
{
foreach(X509ChainStatus chainStatus in chain.ChainStatus)
{
if(chainStatus.Status == X509ChainStatusFlags.Revoked)
{
return true;
}
}
}
/*
WARNING!
You should perform other cert validation checks here and not blindly
override your cert validation by returning true.
Otherwise the secure channel between your client and service
may not be secure.
*/
return false;
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With