How can you verify validity of an HTTPS/SSL certificate in .NET?
Ideally I want to establish an HTTPS connection to a website and then find out if that was done in a valid way (certificate not expired, host name matches, certificate chain trusted, etc.), but the built-in HTTP client seems to ignore certificate errors (and I'm not sure that physically downloading a web page is necessary to verify a certificate?).
I've tried to use the code below (adapted from an answer in the comments) but the ValidationCallback never gets called:
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    class Program
    {
        static void Main(string[] args)
        {
            String url = "https://www.example.com";
            HttpWebRequest request = WebRequest.CreateHttp(url);
            request.GetResponse();
            request.ServerCertificateValidationCallback += ServerCertificateValidationCallback;
            Console.WriteLine("End");
            Console.ReadKey();
        }

        private static bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                Console.WriteLine("Certificate OK");
                return true;
            }
            else
            {
                Console.WriteLine("Certificate ERROR");
                return false;
            }
        }
    }
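In the code above the callback is attached after `GetResponse()` has already sent the request, so the handshake is over before the handler exists. The following added example (not part of the original post) checks the certificate with only a TLS handshake over `SslStream`, without downloading a page, and registers the callback before the handshake starts. The class name `CertCheck`, the method `Probe` and the host `www.example.com` are assumptions made for illustration.

```csharp
// Added example, not code from the original post.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class CertCheck
{
    // Performs the TLS handshake only and returns what the platform validator reported.
    public static SslPolicyErrors Probe(string host, int port = 443)
    {
        SslPolicyErrors observed = SslPolicyErrors.None;

        using (var tcp = new TcpClient(host, port))
        // The callback is passed to the constructor, so it exists before the handshake.
        using (var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
            {
                observed = errors;
                if (cert != null)
                    Console.WriteLine("Not after: {0:u}", new X509Certificate2(cert).NotAfter);
                if (chain != null)
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        Console.WriteLine("Chain: {0} {1}", s.Status, s.StatusInformation.Trim());
                // Accept only a clean result; never return true unconditionally.
                return errors == SslPolicyErrors.None;
            }))
        {
            try
            {
                // Host name passed here is what the certificate is matched against.
                ssl.AuthenticateAsClient(host);
            }
            catch (AuthenticationException)
            {
                // Thrown when the callback rejects the certificate; details are in 'observed'.
            }
        }
        return observed;
    }

    static void Main()
    {
        SslPolicyErrors result = Probe("www.example.com"); // placeholder host
        Console.WriteLine(result == SslPolicyErrors.None
            ? "Certificate OK"
            : "Certificate ERROR: " + result);
    }
}
```

The one-argument `AuthenticateAsClient` overload does not check revocation; the overload that also takes a certificate collection, `SslProtocols` and a `checkCertificateRevocation` flag does.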