Only accept my own self-signed SSL certificate in C#

I have a self-written API running on Windows Server 2012 with a self-signed SSL certificate. Now I want to communicate with the web service over HTTPS.

Communication is only done on the local network, but I still want the connection to be secure.

Is there a way to only accept my own signed certificate? I have found many solutions that accept all certificates, but I only want mine to be accepted.

I already thought about adding it to the Windows approved certificates, but since the program using the web service runs under various users on different computers, I don't have administrator rights at all.

Is it possible to have a secure connection the way I want?

+3


1 answer


Yes, as Guzman suggests, you should implement your own method for ServerCertificateValidationCallback. You can compare the thumbprint of the certificate to see if it is one you want to trust. Something like this should work:

using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class CertificateValidator
{
    // Hex-encoded thumbprint of the one server certificate we trust.
    public static string TrustedThumbprint { get; set; }

    // Matches the RemoteCertificateValidationCallback delegate signature.
    public static bool ValidateSslCertificate(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors errors)
    {
        // No certificate presented: nothing to compare against.
        if (certificate == null || string.IsNullOrEmpty(TrustedThumbprint))
        {
            return false;
        }

        // Wrap certificate to access thumbprint.
        var certificate2 = new X509Certificate2(certificate);

        // Only accept certificate with trusted thumbprint.
        if (certificate2.Thumbprint.Equals(
             TrustedThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            return true;
        }

        // In all other cases, don't trust the certificate.
        return false;
    }
}

In your start code, include the following:

// Read your trusted thumbprint from some secure storage.
// Don't check it into source control! ;-)
// (SomeSecureConfig is a placeholder for your own configuration store.)
CertificateValidator.TrustedThumbprint = SomeSecureConfig.Get["TrustedApiThumbprint"];

// Set the callback used to validate certificates.
// Note: this hook is process-wide, so it applies to every HTTPS connection made by the application.
ServicePointManager.ServerCertificateValidationCallback += CertificateValidator.ValidateSslCertificate;

+1
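As an added example (not code from the answer above), the same pinning idea scoped to a single HttpClient rather than the process-wide ServicePointManager hook, and pinning on a SHA-256 fingerprint computed from the DER bytes instead of the SHA-1 Thumbprint property. It assumes .NET Framework 4.7.1+ or .NET Core for HttpClientHandler.ServerCertificateCustomValidationCallback; the pinned fingerprint value is a constructed placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedHttpClientFactory
{
    // Constructed placeholder: put the real SHA-256 fingerprint of the API's
    // certificate here (read from secure config), e.g. the output of
    //   openssl x509 -in api.crt -noout -fingerprint -sha256
    // with the colons removed.
    public static readonly HashSet<string> PinnedSha256 =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "PLACEHOLDER_SHA256_FINGERPRINT_OF_API_CERT",
        };

    // Hex SHA-256 over the DER-encoded certificate. X509Certificate2.Thumbprint
    // is a SHA-1 hash, so the digest is computed here instead.
    public static string Sha256Fingerprint(X509Certificate certificate)
    {
        using (var sha256 = SHA256.Create())
        {
            byte[] digest = sha256.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(digest).Replace("-", string.Empty);
        }
    }

    // Accept only a certificate whose fingerprint is pinned. Returning true
    // overrides every SslPolicyErrors flag (untrusted root, name mismatch,
    // expiry); for a pinned self-signed certificate that is intentional.
    public static bool IsPinned(X509Certificate2 certificate, SslPolicyErrors errors)
    {
        if (certificate == null) return false;      // nothing presented
        if (PinnedSha256.Count == 0) return false;  // fail closed if unconfigured
        return PinnedSha256.Contains(Sha256Fingerprint(certificate));
    }

    // The pin is scoped to this handler only; other HTTPS traffic in the
    // process keeps normal chain validation (unlike ServicePointManager).
    public static HttpClient Create()
    {
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => IsPinned(cert, errors)
        };
        return new HttpClient(handler, disposeHandler: true);
    }
}
```

When the API certificate is renewed its fingerprint changes, so the client's pinned value must be rotated at the same time or every request will be refused.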
