Valid Certificate Authority

Curtis Justus

Hi,

I need to verify that a certificate is coming from a valid certificate
authority. Does anybody know where I could obtain a list with that
information?

Thanks,
cj
 
Joe Kaplan (MVP - ADSI)

The certificate will be trusted based on the trusted root certificates
configured on the current machine. You can use the ICertificatePolicy class
that I mentioned before to determine whether the CA for the cert was not
trusted by examining the certificateProblem parameter in
CheckValidationResult. I found a decent blog posting that shows what the
values of the parameter can be (they are probably in the platform SDK
somewhere...):

http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx


Joe K.
 
Harry Simpson

Using the SelfSSL internally (intranet) and the third check doesn't pass
since we created the cert.

Where does this code (CheckValidationResult) actually go in the web
application??

Harry
 
Joe Kaplan (MVP - ADSI)

The code here shows how to create a class that implements
ICertificatePolicy:
http://msdn.microsoft.com/library/d...etICertificatePolicyClassTopic.asp?frame=true

To use it, you add a new instance of your class to the
ServicePointManager.CertificatePolicy property BEFORE you make any
WebRequests (or SOAP calls or anything else that wraps WebRequest).

http://msdn.microsoft.com/library/d...gerClassCertificatePolicyTopic.asp?frame=true

Then, you can enforce your own certificate policy based on the rules you
code in your CheckValidationResult Method.

Joe K.
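
Added example, not part of the original thread or of the linked MSDN pages: a fail-closed `ICertificatePolicy` for .NET Framework that accepts a certificate only when `certificateProblem` is 0 and logs which check failed otherwise. The class name and the URL are placeholders; the constants are the `CERT_E_*` HRESULT values from WinError.h.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example: fail-closed policy that reports why validation failed.
public class StrictCertificatePolicy : ICertificatePolicy
{
    // CERT_E_* HRESULTs from WinError.h, as passed in certificateProblem.
    private const int CertExpired       = unchecked((int)0x800B0101);
    private const int CertUntrustedRoot = unchecked((int)0x800B0109);
    private const int CertChaining      = unchecked((int)0x800B010A);
    private const int CertRevoked       = unchecked((int)0x800B010C);
    private const int CertCnNoMatch     = unchecked((int)0x800B010F);

    public bool CheckValidationResult(ServicePoint srvPoint,
        X509Certificate certificate, WebRequest request, int certificateProblem)
    {
        if (certificateProblem == 0)
            return true;                    // chain, dates and name all verified

        string reason;
        switch (certificateProblem)
        {
            case CertUntrustedRoot: reason = "issuing CA is not a trusted root on this machine"; break;
            case CertChaining:      reason = "chain to a trusted root could not be built"; break;
            case CertCnNoMatch:     reason = "certificate name does not match the host name"; break;
            case CertExpired:       reason = "certificate is expired or not yet valid"; break;
            case CertRevoked:       reason = "certificate has been revoked"; break;
            default:                reason = "problem 0x" + certificateProblem.ToString("X8"); break;
        }
        string subject = certificate == null ? "(none)" : certificate.Subject;
        Console.Error.WriteLine("Rejected {0} [{1}]: {2}", request.RequestUri, subject, reason);
        return false;                       // never accept a certificate with a problem
    }
}

public static class Program
{
    public static void Main()
    {
        // Must be set before the first WebRequest is made.
        ServicePointManager.CertificatePolicy = new StrictCertificatePolicy();
        WebRequest request = WebRequest.Create("https://intranet.example/"); // placeholder URL
        try { using (WebResponse response = request.GetResponse()) Console.WriteLine("Certificate accepted."); }
        catch (WebException ex) { Console.Error.WriteLine("Request failed: " + ex.Status); }
    }
}
```

Later .NET Framework versions mark `ServicePointManager.CertificatePolicy` obsolete in favor of `ServicePointManager.ServerCertificateValidationCallback`, so expect a compiler warning there.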
 
Harry Simpson

Thanks Joe,

The code actually didn't work but it's probably just me......

Was wondering where you put pre-request code in an ASP.NET app??

Harry
 
Joe Kaplan (MVP - ADSI)

I'm not sure I understand. Is your ASP.NET application making a call to
another web site via something based on HttpWebRequest or a web service
call? If so, you would do it then. If not, how are you calling another
server?

If you aren't calling another server, then why would you need to check a
server's certificate?

Joe K.
 
Harry Simpson

Hi Joe,

I'm merely starting an ASP.NET web application on an intranet server from a
browser within the same intranet.

Since SelfSSL uses the name of the machine (SIMPSON) it doesn't reconcile to
the web's name "MyWebApp" when I make the call to it using
https://SIMPSON/MyWebApp
so I get the third check not true notice. My app is not internet but
intranet with no internet Whois type url.

Harry
 
Joe Kaplan (MVP - ADSI)

Ok, the thing is here that it is your browser that is complaining about the
server certificate, not the server that is complaining. Since your browser
is not sending a client certificate to the server, there is nothing for the
server to check. Thus there is no code you can put in your web application.

However, SSL should match the name on the certificate to the hostname
(SIMPSON) in your case, so it should work. What certificate warning do you
get from IE and what are the details?

Joe K.
 
Harry Simpson

Joe,

It's the third check on the Security Alert dialog box:
"The name on the security certificate is invalid or does not match the name
of the site"

Harry
 
Joe Kaplan (MVP - ADSI)

I think that dialog allows you to bring up the name of the certificate in
the certificate viewer, so you should be able to check that to verify that
the name on the cert is actually equal to SIMPSON. If it is not, then that
is the problem. You can either change the certificate to match the hostname
or change the hostname (via DNS, hosts file or whatever) to match the cert.

HTH,

Joe K.
 
