C#•2y ago

❔ Custom cert validation in http client

I have a HttpClient with a SocketsHttpHandler that I'm trying to add a custom certificate to, because I'm talking to a service that requires it. I'm hitting some issues though, after adding the certificate through handler.SslOptions.ClientCertificates.Add(cert);I'm getting an "unknown certificate" error. Removing the Client Certificate just gives me the "bad certificate" error. So, I thought I'll add the Root CA as well, maybe that's the issue right? But I cannot get the callback on RemoteCertificateValidationCallbackto fire at all. From what I can gather, what's happening is that the ClientCertificate cannot be validated because it's signed by an untrusted Root CA, but since RemoteCertificateValidationCallback isnt being fired, how can I determine if it should be trusted or not? Same result if I just make it a HttpHandler instead. Any ideas here?

2 Replies

Henkypenky•2y ago

you can probably do something like:

.ConfigurePrimaryHttpMessageHandler(() =>
{
    return new HttpClientHandler
    {
        ClientCertificateOptions = ClientCertificateOption.Manual,
        SslProtocols = SslProtocols.Tls12,
        ClientCertificates.Add(new X509Certificate("path.crt"))        
    };
});

.ConfigurePrimaryHttpMessageHandler(() =>
{
    return new HttpClientHandler
    {
        ClientCertificateOptions = ClientCertificateOption.Manual,
        SslProtocols = SslProtocols.Tls12,
        ClientCertificates.Add(new X509Certificate("path.crt"))        
    };
});

RemoteCertificateValidationCallback this is mostly used for development purposes to ignore ssl validation the above should work you mal also need the password in the X509 certificate constructor

Accord•2y ago

Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.

Gaming

Programming

❔ Custom cert validation in http client