Test with Second CA Certificate Disabled

This section provides a tutorial example on testing .NET program on HTTPS communication with the second root CA certificate disabled.

To understand why my .NET test program is still working on https://login.yahoo.com after I disabled the root CA certificate "DigiCert High Assurance EV Root CA", I used IE 8 to visit https://login.yahoo.com again.

1. Run IE 8 and go to https://login.yahoo.com.

2. View server certificate path:

GTE CyberTrust Global Root            - The root CA certificate
|- DigiCert High Assurance EV Root CA - An intermediate CA certificate
   |- DigiCert High Assurance CA-3    - An intermediate CA certificate
      |- login.yahoo.com              - The Web server certificate

Do you see any differences comparing to the server certificate path before I disabled "DigiCert High Assurance EV Root CA"?

Server certificate "login.yahoo.com" has 2 valid certificate paths with 2 root CA certificates. Very strange setup!

3. Disable the other root CA certificate in the certificate store - Run certificate console and disable "GTE CyberTrust Global Root" as shown in previous tutorials.

4. Run the .NET test program again:

C:\herong>WebReader.exe https://login.yahoo.com

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org...
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in to Yahoo!</title>
...

The test program still works with the second root CA certificate disabled. Why? May be .NET is not verifying server certificate. Or may be .NET is using some other ways to verify server certificate. Read the next tutorial for answers.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

.NET Programs Communicating with HTTPS Servers

 System.Net.Request Class for HTTPS

 Test with CA Certificate Disabled

Test with Second CA Certificate Disabled

 .NET Program Failed with CA Certificates Deleted

 .NET Reporting Certificate Validation Failed

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

 Digital Signature - OpenOffice.org 3

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version