PKI Tutorials - Herong's Tutorial Examples - Version 2.04, by Dr. Herong Yang
.NET Program Failed with CA Certificates Deleted
This section provides a tutorial example on testing a .NET program's HTTPS communication with the root CA certificates deleted. The .NET program failed.
After disabling both root CA certificates, my .NET test program still works on https://login.yahoo.com. My last test is to delete both root CA certificates from the trusted certificate store.
1. Delete the first root CA certificate, "DigiCert High Assurance EV Root CA", from the trusted certificate store, using the certificate console.
2. Delete the second root CA certificate, "GTE CyberTrust Global Root", from the trusted certificate store, using the certificate console.
3. Run the .NET test program again:
This time, an error message shows up:
"Visual Studio Just-In-Time Debugger -
An unhandled win32 exception occurred in WebReader.exe .
Just-In-Time debugging this exception failed with the following error:
No installed debugger has Just-In-Time debugging enabled.
In Visual Studio, Just-In-Time debugging can be enabled from
Check the documentation index for 'Just-in-time debugging, errors'
for more information."
I am very happy to see the error message. This proves that the .NET program does verify the server certificate. This also proves that the .NET program does use the trusted certificate store for root CA certificates. But this also proves that the .NET program does not respect the "Disabled" flag on root CA certificates.
But why does .NET give such a useless error message? Read the next section for answers.
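An added example, not part of the original tutorial or its WebReader program: a C# sketch that logs the certificate chain .NET built for the server and the reason validation passed or failed, so a deleted root CA shows up as a chain status instead of an unhandled exception. The class name ChainReport is hypothetical, the code assumes the .NET Framework APIs of the tutorial's era, and the URL is the one tested above.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example (hypothetical class name): report the certificate chain
// .NET built for the server and why validation passed or failed.
class ChainReport
{
    // Logs the chain and returns the framework's own verdict unchanged,
    // so an untrusted chain is still rejected.
    static bool LogAndDecide(object sender, X509Certificate cert,
                             X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null)
        {
            // Certificates in the chain, from the server certificate upward.
            foreach (X509ChainElement element in chain.ChainElements)
                Console.WriteLine("  " + element.Certificate.Subject);
            // With the root CA missing from the trusted store, this typically
            // lists UntrustedRoot or PartialChain.
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("  " + status.Status + ": "
                                  + status.StatusInformation.Trim());
        }
        return errors == SslPolicyErrors.None;
    }

    static void Main()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndDecide;
        try
        {
            WebRequest request = WebRequest.Create("https://login.yahoo.com");
            using (WebResponse response = request.GetResponse())
                Console.WriteLine("Connected: " + response.ResponseUri);
        }
        catch (WebException e)
        {
            // A rejected server certificate surfaces as TrustFailure.
            Console.WriteLine("Request failed: " + e.Status + " - " + e.Message);
        }
    }
}
```

The callback only observes the decision; returning true unconditionally from it would disable certificate verification altogether.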
Last update: 2011.