Valid Certificate Authority

Discussion in 'ASP .Net Security' started by Curtis Justus, Jun 10, 2004.

  1. Hi,

    I need to verify that a certificate is coming from a valid certificate
    authority. Does anybody know where I could obtain a list with that
    information?

    Thanks,
    cj
     
    Curtis Justus, Jun 10, 2004
    #1
    1. Advertising

  2. The certificate will be trusted based on the trusted root certificates
    configured on the current machine. You can use the ICertificatePolicy class
    that I mentioned before to determine whether the CA for the cert was not
    trusted by examining the certificateProblem parameter in
    CheckValidationResult. I found a decent blog posting that shows what the
    values of the parameter can be (they are probably in the platform SDK
    somewhere...):

    http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx


    Joe K.

    "Curtis Justus" <> wrote in message
    news:...
    > Hi,
    >
    > I need to verify that a certificate is coming from a valid certificate
    > authority. Does anybody know where I could obtain a list with that
    > information?
    >
    > Thanks,
    > cj
    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 10, 2004
    #2
    1. Advertising

  3. Using the SelfSSL internally (intranet) and the third check doesn't pass
    since we created the cert.

    Where does this code (CheckValidationResult) actually go in the web
    application??

    Harry

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > The certificate will be trusted based on the trusted root certificates
    > configured on the current machine. You can use the ICertificatePolicy

    class
    > that I mentioned before to determine whether the CA for the cert was not
    > trusted by examining the certificateProblem parameter in
    > CheckValidationResult. I found a decent blog posting that shows what the
    > values of the parameter can be (they are probably in the platform SDK
    > somewhere...):
    >
    > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    >
    >
    > Joe K.
    >
    > "Curtis Justus" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > I need to verify that a certificate is coming from a valid certificate
    > > authority. Does anybody know where I could obtain a list with that
    > > information?
    > >
    > > Thanks,
    > > cj
    > >
    > >

    >
    >
     
    Harry Simpson, Jun 10, 2004
    #3
  4. The code here shows how to create a class that implements
    ICertificatePolicy:
    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true

    To use it, you add a new instance of your class to the
    ServicePointManager.CertificatePolicy property BEFORE you make any
    WebRequests (or SOAP calls or anything else that wraps WebRequest).

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true

    Then, you can enforce your own certificate policy based on the rules you
    code in your CheckValidationResult Method.

    Joe K.

    "Harry Simpson" <> wrote in message
    news:...
    > Using the SelfSSL internally (intranet) and the third check doesn't pass
    > since we created the cert.
    >
    > Where does this code (CheckValidationResult) actually go in the web
    > application??
    >
    > Harry
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:...
    > > The certificate will be trusted based on the trusted root certificates
    > > configured on the current machine. You can use the ICertificatePolicy

    > class
    > > that I mentioned before to determine whether the CA for the cert was not
    > > trusted by examining the certificateProblem parameter in
    > > CheckValidationResult. I found a decent blog posting that shows what

    the
    > > values of the parameter can be (they are probably in the platform SDK
    > > somewhere...):
    > >
    > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > >
    > >
    > > Joe K.
    > >
    > > "Curtis Justus" <> wrote in message
    > > news:...
    > > > Hi,
    > > >
    > > > I need to verify that a certificate is coming from a valid certificate
    > > > authority. Does anybody know where I could obtain a list with that
    > > > information?
    > > >
    > > > Thanks,
    > > > cj
    > > >
    > > >

    > >
    > >

    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 10, 2004
    #4
  5. Thanks Joe,

    The code actually didn't work but it's probablky just me......

    Was wondering where you put pre-request code in an ASP.NET app??

    Harry

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:O%...
    > The code here shows how to create a class that implements
    > ICertificatePolicy:
    >

    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true
    >
    > To use it, you add a new instance of your class to the
    > ServicePointManager.CertificatePolicy property BEFORE you make any
    > WebRequests (or SOAP calls or anything else that wraps WebRequest).
    >
    >

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true
    >
    > Then, you can enforce your own certificate policy based on the rules you
    > code in your CheckValidationResult Method.
    >
    > Joe K.
    >
    > "Harry Simpson" <> wrote in message
    > news:...
    > > Using the SelfSSL internally (intranet) and the third check doesn't pass
    > > since we created the cert.
    > >
    > > Where does this code (CheckValidationResult) actually go in the web
    > > application??
    > >
    > > Harry
    > >
    > > "Joe Kaplan (MVP - ADSI)" <>

    wrote
    > > in message news:...
    > > > The certificate will be trusted based on the trusted root certificates
    > > > configured on the current machine. You can use the ICertificatePolicy

    > > class
    > > > that I mentioned before to determine whether the CA for the cert was

    not
    > > > trusted by examining the certificateProblem parameter in
    > > > CheckValidationResult. I found a decent blog posting that shows what

    > the
    > > > values of the parameter can be (they are probably in the platform SDK
    > > > somewhere...):
    > > >
    > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > > >
    > > >
    > > > Joe K.
    > > >
    > > > "Curtis Justus" <> wrote in message
    > > > news:...
    > > > > Hi,
    > > > >
    > > > > I need to verify that a certificate is coming from a valid

    certificate
    > > > > authority. Does anybody know where I could obtain a list with that
    > > > > information?
    > > > >
    > > > > Thanks,
    > > > > cj
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Harry Simpson, Jun 10, 2004
    #5
  6. I'm not sure I understand. Is your ASP.NET application making a call to
    another web site via something based on HttpWebRequest or a web service
    call? If so, you would do it then. If not, how are you calling another
    server?

    If you aren't calling another server, then why would you need to check a
    server's certificate?

    Joe K.

    "Harry Simpson" <> wrote in message
    news:...
    > Thanks Joe,
    >
    > The code actually didn't work but it's probablky just me......
    >
    > Was wondering where you put pre-request code in an ASP.NET app??
    >
    > Harry
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:O%...
    > > The code here shows how to create a class that implements
    > > ICertificatePolicy:
    > >

    >

    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true
    > >
    > > To use it, you add a new instance of your class to the
    > > ServicePointManager.CertificatePolicy property BEFORE you make any
    > > WebRequests (or SOAP calls or anything else that wraps WebRequest).
    > >
    > >

    >

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true
    > >
    > > Then, you can enforce your own certificate policy based on the rules you
    > > code in your CheckValidationResult Method.
    > >
    > > Joe K.
    > >
    > > "Harry Simpson" <> wrote in message
    > > news:...
    > > > Using the SelfSSL internally (intranet) and the third check doesn't

    pass
    > > > since we created the cert.
    > > >
    > > > Where does this code (CheckValidationResult) actually go in the web
    > > > application??
    > > >
    > > > Harry
    > > >
    > > > "Joe Kaplan (MVP - ADSI)" <>

    > wrote
    > > > in message news:...
    > > > > The certificate will be trusted based on the trusted root

    certificates
    > > > > configured on the current machine. You can use the

    ICertificatePolicy
    > > > class
    > > > > that I mentioned before to determine whether the CA for the cert was

    > not
    > > > > trusted by examining the certificateProblem parameter in
    > > > > CheckValidationResult. I found a decent blog posting that shows

    what
    > > the
    > > > > values of the parameter can be (they are probably in the platform

    SDK
    > > > > somewhere...):
    > > > >
    > > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > > > >
    > > > >
    > > > > Joe K.
    > > > >
    > > > > "Curtis Justus" <> wrote in

    message
    > > > > news:...
    > > > > > Hi,
    > > > > >
    > > > > > I need to verify that a certificate is coming from a valid

    > certificate
    > > > > > authority. Does anybody know where I could obtain a list with

    that
    > > > > > information?
    > > > > >
    > > > > > Thanks,
    > > > > > cj
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 11, 2004
    #6
  7. Hi Joe,

    I'm merely starting an ASP.NET web application on an intranet server from a
    browser within the same intranet.

    Since SelfSSL uses the name of the machine (SIMPSON) it doesn't reconcile to
    the web's name "MyWebApp" when i make the call to it using
    https://SIMPSON/MyWebApp
    so i get the third check not true notice. My app is not internet but
    intranet with no internet Whois type url.

    Harry

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > I'm not sure I understand. Is your ASP.NET application making a call to
    > another web site via something based on HttpWebRequest or a web service
    > call? If so, you would do it then. If not, how are you calling another
    > server?
    >
    > If you aren't calling another server, then why would you need to check a
    > server's certificate?
    >
    > Joe K.
    >
    > "Harry Simpson" <> wrote in message
    > news:...
    > > Thanks Joe,
    > >
    > > The code actually didn't work but it's probablky just me......
    > >
    > > Was wondering where you put pre-request code in an ASP.NET app??
    > >
    > > Harry
    > >
    > > "Joe Kaplan (MVP - ADSI)" <>

    wrote
    > > in message news:O%...
    > > > The code here shows how to create a class that implements
    > > > ICertificatePolicy:
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true
    > > >
    > > > To use it, you add a new instance of your class to the
    > > > ServicePointManager.CertificatePolicy property BEFORE you make any
    > > > WebRequests (or SOAP calls or anything else that wraps WebRequest).
    > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true
    > > >
    > > > Then, you can enforce your own certificate policy based on the rules

    you
    > > > code in your CheckValidationResult Method.
    > > >
    > > > Joe K.
    > > >
    > > > "Harry Simpson" <> wrote in message
    > > > news:...
    > > > > Using the SelfSSL internally (intranet) and the third check doesn't

    > pass
    > > > > since we created the cert.
    > > > >
    > > > > Where does this code (CheckValidationResult) actually go in the web
    > > > > application??
    > > > >
    > > > > Harry
    > > > >
    > > > > "Joe Kaplan (MVP - ADSI)" <>

    > > wrote
    > > > > in message news:...
    > > > > > The certificate will be trusted based on the trusted root

    > certificates
    > > > > > configured on the current machine. You can use the

    > ICertificatePolicy
    > > > > class
    > > > > > that I mentioned before to determine whether the CA for the cert

    was
    > > not
    > > > > > trusted by examining the certificateProblem parameter in
    > > > > > CheckValidationResult. I found a decent blog posting that shows

    > what
    > > > the
    > > > > > values of the parameter can be (they are probably in the platform

    > SDK
    > > > > > somewhere...):
    > > > > >
    > > > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > > > > >
    > > > > >
    > > > > > Joe K.
    > > > > >
    > > > > > "Curtis Justus" <> wrote in

    > message
    > > > > > news:...
    > > > > > > Hi,
    > > > > > >
    > > > > > > I need to verify that a certificate is coming from a valid

    > > certificate
    > > > > > > authority. Does anybody know where I could obtain a list with

    > that
    > > > > > > information?
    > > > > > >
    > > > > > > Thanks,
    > > > > > > cj
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Harry Simpson, Jun 11, 2004
    #7
  8. Ok, the thing is here that it is your browser that is complaining about the
    server certificate, not the server that is complaining. Since your browser
    is not sending a client certificate to the server, there is nothing for the
    server to check. Thus there is no code you can put in your web application.

    However, SSL should match the name on the certificate to the hostname
    (SIMPSON) in your case, so it should work. What certificate warning do you
    get from IE and what are the details?

    Joe K.

    "Harry Simpson" <> wrote in message
    news:...
    > Hi Joe,
    >
    > I'm merely starting an ASP.NET web application on an intranet server from

    a
    > browser within the same intranet.
    >
    > Since SelfSSL uses the name of the machine (SIMPSON) it doesn't reconcile

    to
    > the web's name "MyWebApp" when i make the call to it using
    > https://SIMPSON/MyWebApp
    > so i get the third check not true notice. My app is not internet but
    > intranet with no internet Whois type url.
    >
    > Harry
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:...
    > > I'm not sure I understand. Is your ASP.NET application making a call to
    > > another web site via something based on HttpWebRequest or a web service
    > > call? If so, you would do it then. If not, how are you calling another
    > > server?
    > >
    > > If you aren't calling another server, then why would you need to check a
    > > server's certificate?
    > >
    > > Joe K.
    > >
    > > "Harry Simpson" <> wrote in message
    > > news:...
    > > > Thanks Joe,
    > > >
    > > > The code actually didn't work but it's probablky just me......
    > > >
    > > > Was wondering where you put pre-request code in an ASP.NET app??
    > > >
    > > > Harry
    > > >
    > > > "Joe Kaplan (MVP - ADSI)" <>

    > wrote
    > > > in message news:O%...
    > > > > The code here shows how to create a class that implements
    > > > > ICertificatePolicy:
    > > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true
    > > > >
    > > > > To use it, you add a new instance of your class to the
    > > > > ServicePointManager.CertificatePolicy property BEFORE you make any
    > > > > WebRequests (or SOAP calls or anything else that wraps WebRequest).
    > > > >
    > > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true
    > > > >
    > > > > Then, you can enforce your own certificate policy based on the rules

    > you
    > > > > code in your CheckValidationResult Method.
    > > > >
    > > > > Joe K.
    > > > >
    > > > > "Harry Simpson" <> wrote in message
    > > > > news:...
    > > > > > Using the SelfSSL internally (intranet) and the third check

    doesn't
    > > pass
    > > > > > since we created the cert.
    > > > > >
    > > > > > Where does this code (CheckValidationResult) actually go in the

    web
    > > > > > application??
    > > > > >
    > > > > > Harry
    > > > > >
    > > > > > "Joe Kaplan (MVP - ADSI)"

    <>
    > > > wrote
    > > > > > in message news:...
    > > > > > > The certificate will be trusted based on the trusted root

    > > certificates
    > > > > > > configured on the current machine. You can use the

    > > ICertificatePolicy
    > > > > > class
    > > > > > > that I mentioned before to determine whether the CA for the cert

    > was
    > > > not
    > > > > > > trusted by examining the certificateProblem parameter in
    > > > > > > CheckValidationResult. I found a decent blog posting that shows

    > > what
    > > > > the
    > > > > > > values of the parameter can be (they are probably in the

    platform
    > > SDK
    > > > > > > somewhere...):
    > > > > > >
    > > > > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > > > > > >
    > > > > > >
    > > > > > > Joe K.
    > > > > > >
    > > > > > > "Curtis Justus" <> wrote in

    > > message
    > > > > > > news:...
    > > > > > > > Hi,
    > > > > > > >
    > > > > > > > I need to verify that a certificate is coming from a valid
    > > > certificate
    > > > > > > > authority. Does anybody know where I could obtain a list with

    > > that
    > > > > > > > information?
    > > > > > > >
    > > > > > > > Thanks,
    > > > > > > > cj
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 11, 2004
    #8
  9. Joe,

    It's the third check on the Security Alert dialog box:
    "The name on the security certificate is invalid or does not match the name
    of the site"

    Harry

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > Ok, the thing is here that it is your browser that is complaining about

    the
    > server certificate, not the server that is complaining. Since your

    browser
    > is not sending a client certificate to the server, there is nothing for

    the
    > server to check. Thus there is no code you can put in your web

    application.
    >
    > However, SSL should match the name on the certificate to the hostname
    > (SIMPSON) in your case, so it should work. What certificate warning do

    you
    > get from IE and what are the details?
    >
    > Joe K.
    >
    > "Harry Simpson" <> wrote in message
    > news:...
    > > Hi Joe,
    > >
    > > I'm merely starting an ASP.NET web application on an intranet server

    from
    > a
    > > browser within the same intranet.
    > >
    > > Since SelfSSL uses the name of the machine (SIMPSON) it doesn't

    reconcile
    > to
    > > the web's name "MyWebApp" when i make the call to it using
    > > https://SIMPSON/MyWebApp
    > > so i get the third check not true notice. My app is not internet but
    > > intranet with no internet Whois type url.
    > >
    > > Harry
    > >
    > > "Joe Kaplan (MVP - ADSI)" <>

    wrote
    > > in message news:...
    > > > I'm not sure I understand. Is your ASP.NET application making a call

    to
    > > > another web site via something based on HttpWebRequest or a web

    service
    > > > call? If so, you would do it then. If not, how are you calling

    another
    > > > server?
    > > >
    > > > If you aren't calling another server, then why would you need to check

    a
    > > > server's certificate?
    > > >
    > > > Joe K.
    > > >
    > > > "Harry Simpson" <> wrote in message
    > > > news:...
    > > > > Thanks Joe,
    > > > >
    > > > > The code actually didn't work but it's probablky just me......
    > > > >
    > > > > Was wondering where you put pre-request code in an ASP.NET app??
    > > > >
    > > > > Harry
    > > > >
    > > > > "Joe Kaplan (MVP - ADSI)" <>

    > > wrote
    > > > > in message news:O%...
    > > > > > The code here shows how to create a class that implements
    > > > > > ICertificatePolicy:
    > > > > >
    > > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true
    > > > > >
    > > > > > To use it, you add a new instance of your class to the
    > > > > > ServicePointManager.CertificatePolicy property BEFORE you make any
    > > > > > WebRequests (or SOAP calls or anything else that wraps

    WebRequest).
    > > > > >
    > > > > >
    > > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true
    > > > > >
    > > > > > Then, you can enforce your own certificate policy based on the

    rules
    > > you
    > > > > > code in your CheckValidationResult Method.
    > > > > >
    > > > > > Joe K.
    > > > > >
    > > > > > "Harry Simpson" <> wrote in message
    > > > > > news:...
    > > > > > > Using the SelfSSL internally (intranet) and the third check

    > doesn't
    > > > pass
    > > > > > > since we created the cert.
    > > > > > >
    > > > > > > Where does this code (CheckValidationResult) actually go in the

    > web
    > > > > > > application??
    > > > > > >
    > > > > > > Harry
    > > > > > >
    > > > > > > "Joe Kaplan (MVP - ADSI)"

    > <>
    > > > > wrote
    > > > > > > in message news:...
    > > > > > > > The certificate will be trusted based on the trusted root
    > > > certificates
    > > > > > > > configured on the current machine. You can use the
    > > > ICertificatePolicy
    > > > > > > class
    > > > > > > > that I mentioned before to determine whether the CA for the

    cert
    > > was
    > > > > not
    > > > > > > > trusted by examining the certificateProblem parameter in
    > > > > > > > CheckValidationResult. I found a decent blog posting that

    shows
    > > > what
    > > > > > the
    > > > > > > > values of the parameter can be (they are probably in the

    > platform
    > > > SDK
    > > > > > > > somewhere...):
    > > > > > > >
    > > > > > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > > > > > > >
    > > > > > > >
    > > > > > > > Joe K.
    > > > > > > >
    > > > > > > > "Curtis Justus" <> wrote in
    > > > message
    > > > > > > > news:...
    > > > > > > > > Hi,
    > > > > > > > >
    > > > > > > > > I need to verify that a certificate is coming from a valid
    > > > > certificate
    > > > > > > > > authority. Does anybody know where I could obtain a list

    with
    > > > that
    > > > > > > > > information?
    > > > > > > > >
    > > > > > > > > Thanks,
    > > > > > > > > cj
    > > > > > > > >
    > > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Harry Simpson, Jun 11, 2004
    #9
  10. I think that dialog allows you to bring up the name of the certificate in
    the certificate viewer, so you should be able to check that to verify that
    the name on the cert is actually equal to SIMPSON. If it is not, then that
    is the problem. You can either change the certificate to match the hostname
    or change the hostname (via DNS, hosts file or whatever) to match the cert.

    HTH,

    Joe K.

    "Harry Simpson" <> wrote in message
    news:OB$DjK$...
    > Joe,
    >
    > It's the third check on the Security Alert dialog box:
    > "The name on the security certificate is invalid or does not match the

    name
    > of the site"
    >
    > Harry
    >
    > "Joe Kaplan (MVP - ADSI)" <> wrote
    > in message news:...
    > > Ok, the thing is here that it is your browser that is complaining about

    > the
    > > server certificate, not the server that is complaining. Since your

    > browser
    > > is not sending a client certificate to the server, there is nothing for

    > the
    > > server to check. Thus there is no code you can put in your web

    > application.
    > >
    > > However, SSL should match the name on the certificate to the hostname
    > > (SIMPSON) in your case, so it should work. What certificate warning do

    > you
    > > get from IE and what are the details?
    > >
    > > Joe K.
    > >
    > > "Harry Simpson" <> wrote in message
    > > news:...
    > > > Hi Joe,
    > > >
    > > > I'm merely starting an ASP.NET web application on an intranet server

    > from
    > > a
    > > > browser within the same intranet.
    > > >
    > > > Since SelfSSL uses the name of the machine (SIMPSON) it doesn't

    > reconcile
    > > to
    > > > the web's name "MyWebApp" when i make the call to it using
    > > > https://SIMPSON/MyWebApp
    > > > so i get the third check not true notice. My app is not internet but
    > > > intranet with no internet Whois type url.
    > > >
    > > > Harry
    > > >
    > > > "Joe Kaplan (MVP - ADSI)" <>

    > wrote
    > > > in message news:...
    > > > > I'm not sure I understand. Is your ASP.NET application making a

    call
    > to
    > > > > another web site via something based on HttpWebRequest or a web

    > service
    > > > > call? If so, you would do it then. If not, how are you calling

    > another
    > > > > server?
    > > > >
    > > > > If you aren't calling another server, then why would you need to

    check
    > a
    > > > > server's certificate?
    > > > >
    > > > > Joe K.
    > > > >
    > > > > "Harry Simpson" <> wrote in message
    > > > > news:...
    > > > > > Thanks Joe,
    > > > > >
    > > > > > The code actually didn't work but it's probablky just me......
    > > > > >
    > > > > > Was wondering where you put pre-request code in an ASP.NET app??
    > > > > >
    > > > > > Harry
    > > > > >
    > > > > > "Joe Kaplan (MVP - ADSI)"

    <>
    > > > wrote
    > > > > > in message news:O%...
    > > > > > > The code here shows how to create a class that implements
    > > > > > > ICertificatePolicy:
    > > > > > >
    > > > > >
    > > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true
    > > > > > >
    > > > > > > To use it, you add a new instance of your class to the
    > > > > > > ServicePointManager.CertificatePolicy property BEFORE you make

    any
    > > > > > > WebRequests (or SOAP calls or anything else that wraps

    > WebRequest).
    > > > > > >
    > > > > > >
    > > > > >
    > > > >
    > > >

    > >

    >

    http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true
    > > > > > >
    > > > > > > Then, you can enforce your own certificate policy based on the

    > rules
    > > > you
    > > > > > > code in your CheckValidationResult Method.
    > > > > > >
    > > > > > > Joe K.
    > > > > > >
    > > > > > > "Harry Simpson" <> wrote in message
    > > > > > > news:...
    > > > > > > > Using the SelfSSL internally (intranet) and the third check

    > > doesn't
    > > > > pass
    > > > > > > > since we created the cert.
    > > > > > > >
    > > > > > > > Where does this code (CheckValidationResult) actually go in

    the
    > > web
    > > > > > > > application??
    > > > > > > >
    > > > > > > > Harry
    > > > > > > >
    > > > > > > > "Joe Kaplan (MVP - ADSI)"

    > > <>
    > > > > > wrote
    > > > > > > > in message news:...
    > > > > > > > > The certificate will be trusted based on the trusted root
    > > > > certificates
    > > > > > > > > configured on the current machine. You can use the
    > > > > ICertificatePolicy
    > > > > > > > class
    > > > > > > > > that I mentioned before to determine whether the CA for the

    > cert
    > > > was
    > > > > > not
    > > > > > > > > trusted by examining the certificateProblem parameter in
    > > > > > > > > CheckValidationResult. I found a decent blog posting that

    > shows
    > > > > what
    > > > > > > the
    > > > > > > > > values of the parameter can be (they are probably in the

    > > platform
    > > > > SDK
    > > > > > > > > somewhere...):
    > > > > > > > >
    > > > > > > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > Joe K.
    > > > > > > > >
    > > > > > > > > "Curtis Justus" <> wrote

    in
    > > > > message
    > > > > > > > > news:...
    > > > > > > > > > Hi,
    > > > > > > > > >
    > > > > > > > > > I need to verify that a certificate is coming from a valid
    > > > > > certificate
    > > > > > > > > > authority. Does anybody know where I could obtain a list

    > with
    > > > > that
    > > > > > > > > > information?
    > > > > > > > > >
    > > > > > > > > > Thanks,
    > > > > > > > > > cj
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Joe Kaplan \(MVP - ADSI\), Jun 11, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page