.NET Reporting Certificate Validation Failed

This section provides a tutorial example on how to catch the .NET execution exception to report the server certificate validation error.

Why does my .NET program give such a useless error message when it fails to verify the server certificate? The answer is that my .NET program has no exception handling.

To prove this answer, I revised my .NET C# program as shown below:

// WebReaderWithException.cs
// Copyright (c) 2011, HerongYang.com, All Rights Reserved.
using System;
using System.IO;
using System.Text;
using System.Net;
public class WebReaderWithException {
   public static void Main(string[] args) {
      try {
         string url = args[0];
         WebRequest req = WebRequest.Create(url);
         // GetResponse() throws WebException if the TLS handshake fails
         using (WebResponse res = req.GetResponse())
         using (StreamReader web
            = new StreamReader(res.GetResponseStream(),Encoding.UTF8)) {
            string line;
            while ((line = web.ReadLine()) != null)
               Console.WriteLine(line);
         }
      } catch (Exception e) {
         // Print exception type, message, inner exception and stack trace
         Console.WriteLine(e.ToString());
      }
   }
}

Run my new program to connect to https://login.yahoo.com:

C:\herong>\windows\Microsoft.NET\Framework\v4.0.30319\csc 
   WebReaderWithException.cs

Microsoft (R) Visual C# 2010 Compiler version 4.0.30319.1
Copyright (C) Microsoft Corporation. All rights reserved.

C:\herong>WebReaderWithException.exe https://login.yahoo.com

System.Net.WebException: The underlying connection was closed: 
Could not establish trust relationship for the SSL/TLS secure channel.
---> System.Security.Authentication.AuthenticationException: 
The remote certificate is invalid according to the validation 
procedure.

   at System.Net.Security.SslState.StartSendAuthResetSignal(Protoco...
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive...
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, I...
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffe...
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, In...
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, ...
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive...
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, I...
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffe...
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, In...
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, ...
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive...
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, I...
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffe...
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, In...
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, ...
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive...
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, I...
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffe...
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, In...
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, ...
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive...
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, I...
   at System.Net.Security.SslState.ForceAuthentication(Boolean rece...
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncR...
   at System.Net.TlsStream.CallProcessAuthentication(Object state) ...
   at System.Threading.ExecutionContext.Run(ExecutionContext execut...
   at System.Threading.ExecutionContext.Run(ExecutionContext execut...
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult re...
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32...
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, In...
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at WebReaderWithException.Main(String[] args)

Cool. Now my .NET test program is reporting the actual exception message, which confirms that the remote server certificate validation failed with root CA certificates deleted from the trusted certificate store.

Last update: 2011.
