Tip #41: Did you know… establishing a remote connection to a IIS server with self-issued certificate will require a certificate validation delegate?


Either through WMSvc or through your own script, whenever you try to establish a connection with a remote server, which doesn’t provide a trusted certificate you need to provide a delegate for this certificate validation check to validate untrusted certificates.

The signature for this delegate is as follows

Namespace: System.Net.Security
Assembly:  System (in System.dll)

public delegate bool RemoteCertificateValidationCallback(
    Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors
)

Thus, to accept ALL server certificates, you will need to set the callback of ServicePointManager to validate a server certificate in the following manner:

ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallbackFlag;

bool RemoteCertificateValidationCallbackCheck(
    Object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors
)
{
    return true;
}

For the official MSDN documentation on this delegate refer to RemoteCertificateValidationCallback Delegate and ServicePointManager.ServerCertificateValidationCallback Property

Kateryna Rohonyan

SDET, IIS Team

Comments (4)

  1. Dan says:

    What’s the difference between remotecertificatevalidationcallbackflag and a version in VB:

    ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateCert)

    Private Function ValidateCert(ByVal sender As Object,

    _ByVal cert As X509Certificate,

    _ByVal chain As X509Chain,

    _ByVal sslErrors As SslPolicyErrors) As Boolean

      Return True

    End Function

    Not sure why/how your "flag" reference is different?

  2. Kateryna says:

    I just named it this way, to show that my client will accept ALL certificates from the server it is trying to talk to. It is your custom delegate callback function of type RemoteCertificateValidationCallback.

  3. This article is meant to provide a quick reference troubleshooting guide to help with the most frequently