Sometimes you want your web services to use an SSL communications channel, but for one reason or another you cannot use an SSL certificate from a major CA.
Just this past week we had just such a need at work. A coworker of mine was having difficulties making web service calls over SSL when the certificate’s CA could not be trusted by .NET. I had mentioned to him that I had done something similar in the past, and offered my help.
I eventually came up with this solution:
using System;
using System.Net; // for ServicePointManager
using System.Security.Cryptography.X509Certificates; // for X509Certificate / X509Chain
using System.Net.Security; // for the RemoteCertificateValidationCallback delegate and SslPolicyErrors

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Installs certExaminer as the validation callback for every SSL
        // connection made by this process from now on.
        ServicePointManager.ServerCertificateValidationCallback
            = new RemoteCertificateValidationCallback(certExaminer);
    }

    public bool certExaminer(object sender, X509Certificate c, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true; // true means the certificate is okay to use
    }
}
I wrote this up after reading this MSDN article. Now, whenever .NET needs to validate a certificate, it calls the function "certExaminer".
I had thought that I had done something different in the past. The above works, but modifies the certificate validation process for the entire running process.
So, I guess my question is, do any of you know of a better way to use web services with SSL certificates that have untrusted CAs?
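As an added example (not the original post's code, and not an official Microsoft sample), here is one way to keep SSL validation strict while still accepting certificates issued by your own internal CA. It assumes .NET Framework 4.5 or later (for the per-request HttpWebRequest.ServerCertificateValidationCallback property) and that the internal CA's public certificate has been exported to a file; the path, the class name PrivateCaValidator and the CallService helper are all placeholders. Instead of returning true for everything, the callback rebuilds the chain with the internal CA as an extra anchor and accepts the certificate only if the chain ends in exactly that CA and carries no other error (wrong host name, expired certificate, revoked certificate and so on are still rejected).

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: validates server certificates against one private CA,
// scoped to a single request rather than the whole process.
public static class PrivateCaValidator
{
    // Placeholder path: the internal CA's public certificate (DER or Base64 .cer).
    private static readonly X509Certificate2 InternalCa =
        new X509Certificate2(@"C:\certs\internal-ca.cer");

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate .NET already trusts needs no special handling.
        if (errors == SslPolicyErrors.None)
            return true;

        // Only an untrusted-chain problem is ours to fix. A host name mismatch
        // or a missing certificate is still fatal.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // Rebuild the chain, offering the internal CA as an additional root.
        var privateChain = new X509Chain();
        privateChain.ChainPolicy.ExtraStore.Add(InternalCa);
        // Assumption: the internal CA publishes no CRL/OCSP endpoint, so online
        // revocation checking would always fail; adjust if yours does.
        privateChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        privateChain.ChainPolicy.VerificationFlags =
            X509VerificationFlags.AllowUnknownCertificateAuthority;

        var serverCert = new X509Certificate2(cert);
        if (!privateChain.Build(serverCert))
            return false;

        // AllowUnknownCertificateAuthority only tolerates an untrusted root; any
        // other status (not yet valid, expired, bad signature...) is rejected.
        foreach (X509ChainStatus status in privateChain.ChainStatus)
        {
            if (status.Status != X509ChainStatusFlags.NoError &&
                status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;
        }

        // The chain must terminate in our CA specifically, not in some
        // arbitrary self-signed root presented by the server.
        X509Certificate2 root =
            privateChain.ChainElements[privateChain.ChainElements.Count - 1].Certificate;
        return string.Equals(root.Thumbprint, InternalCa.Thumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    // Calls a service URL with the callback attached to this request only, so
    // the rest of the process keeps .NET's default certificate validation.
    public static string CallService(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.ServerCertificateValidationCallback = Validate;

        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            return reader.ReadToEnd();
        }
    }
}
```

Because the callback is set on the HttpWebRequest rather than on ServicePointManager, other code in the same process (including third-party libraries) is unaffected. A thumbprint comparison against the CA is used rather than pinning the server certificate itself, so the server's certificate can be renewed without redeploying the client as long as the same internal CA issues it.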