.NET ssl certificates and webservices


Had to change one of my C# programs that consumes web services to use SSL with not just a server-side certificate, but also a client-side one.

1. Certificate files

Add your server certificate to the “Local machine” -> “Trusted Root” certificate store.

Add your client host certificate to the “Local machine” -> “Personal” certificate store.

2. Change csharp code to use ssl

Create HttpBinding

BasicHttpBinding primaryBinding = new BasicHttpBinding();

primaryBinding.Security.Mode = BasicHttpSecurityMode.Transport;
primaryBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

Create EndpointAddress

EndpointAddress remoteAddressPrimary = new EndpointAddress(new Uri(conn.PrimaryCapturePointURL));

Create ws

wsPrimary = new iWebServiceClient(primaryBinding, remoteAddressPrimary);

set webservice to use client certificate


This next line will override the standard mode. I had to use this line since I have IE8; if you try to access the web service via IE you will have to accept the client certificate as well.

more on this http://blogs.msdn.com/b/ieinternals/archive/2009/09/03/client-certificate-selection-prompt.aspx

So actual line is

wsPrimary.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;

That should be it.


If you do not import the server certificate into the root store, please use the following code.

I have this line in the class constructor.
System.Net.ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(OnValidationCallback);

Then add the following method to the class

public static bool OnValidationCallback(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
{
    return true; // accepts every server certificate, whatever errors reports
}

Hope this helps.
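
A stricter alternative to the return-true callback above, as an added example that is not code from the original post: it accepts the server certificate when normal Windows validation passes, and otherwise only when the sole error is an untrusted chain and the certificate's SHA-1 thumbprint matches a pinned value. The class name `PinnedServerValidation` and the thumbprint placeholder are assumptions; replace the placeholder with the thumbprint of your own server certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class PinnedServerValidation
{
    // Placeholder (assumption): SHA-1 thumbprint of the server certificate you
    // expect, as shown in the Windows certificate dialog (spaces are allowed).
    private const string ExpectedThumbprint = "<SERVER-CERT-THUMBPRINT-PLACEHOLDER>";

    // Call once, e.g. from the class constructor as in the post. The callback
    // is static, so it applies to every HTTPS request in this AppDomain.
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback +=
            new RemoteCertificateValidationCallback(OnValidationCallback);
    }

    public static bool OnValidationCallback(object sender, X509Certificate cert,
                                            X509Chain chain, SslPolicyErrors errors)
    {
        // The chain built to a trusted root and the host name matched.
        if (errors == SslPolicyErrors.None)
            return true;

        // No certificate presented: nothing to pin against.
        if (cert == null)
            return false;

        // Tolerate only an untrusted chain (server cert not in the root store).
        // A name mismatch, alone or combined with chain errors, is rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // GetCertHashString() returns the SHA-1 hash as hex without spaces.
        string actual = cert.GetCertHashString();
        string expected = ExpectedThumbprint.Replace(" ", "");
        return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
    }
}
```

With the placeholder left unchanged, the callback rejects every certificate that does not already validate against the root store.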