
Web Services & Self Signed SSL Certificates

Sometimes you want your web services to use an SSL communications channel, but for one reason or another you cannot use an SSL certificate from a major CA.

Just this past week we had just such a need at work. A coworker of mine was having difficulties making web service calls over SSL when the certificate’s CA could not be trusted by .NET. I had mentioned to him that I had done something similar in the past, and offered my help.

I eventually came up with this solution:

using System;
using System.Net; // for ServicePointManager
using System.Net.Security; // for the RemoteCertificateValidationCallback delegate & SslPolicyErrors
using System.Security.Cryptography.X509Certificates; // for the X509 certificate types

public partial class _Default : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) {
        // Replaces certificate validation for every HTTPS request made by this process.
        ServicePointManager.ServerCertificateValidationCallback
            = new RemoteCertificateValidationCallback(certExaminer);
    }

    // Called by .NET whenever it needs to validate a server certificate.
    public bool certExaminer(object sender, X509Certificate c, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
        return true; // true means the certificate is okay to use; every certificate is accepted
    }
}

Which I wrote up after having read this MSDN article. Now, whenever .NET needs to validate a certificate, it calls the function "certExaminer".

I had thought that I had done something different in the past. The above works, but modifies the certificate validation process for the entire running process.

So, I guess my question is, do any of you know of a better way to use web services with SSL certificates that have untrusted CAs?
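
One narrower alternative to the process-wide accept-all callback above, as an added example that is not the author's code: accept an untrusted chain only when the server presents one specific, pinned certificate, and attach the check to a single request. The class name, the `PinnedSha256` placeholder and the `CreateRequest` helper are assumptions; the per-request `ServerCertificateValidationCallback` property requires .NET Framework 4.5 or later.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: trusts exactly one self-signed certificate instead of all certificates.
public static class PinnedCertificateValidator
{
    // Placeholder: hex SHA-256 of the service certificate's DER bytes, no separators.
    private const string PinnedSha256 = "REPLACE_WITH_SHA256_OF_YOUR_CERTIFICATE";

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no exception.
        if (errors == SslPolicyErrors.None) return true;

        // Tolerate only an untrusted chain. A missing certificate or a
        // host name mismatch is still rejected.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // Pinning bypasses chain building, so check the validity period here.
        var cert2 = new X509Certificate2(cert);
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        if (now < cert2.NotBefore || now > cert2.NotAfter) return false;

        // Accept only the exact certificate whose hash was pinned.
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(cert.GetRawCertData());
            string actual = BitConverter.ToString(digest).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    // Scope the relaxed check to one request; other HTTPS calls in the
    // process keep the default validation.
    public static HttpWebRequest CreateRequest(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.ServerCertificateValidationCallback = Validate;
        return request;
    }
}
```

For a generated web service proxy, the same callback can be set on the request returned from an overridden `GetWebRequest(Uri)`. Installing the certificate in the machine's Trusted Root store avoids custom validation code altogether.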


About Jason

Jason is an experienced entrepreneur & software developer skilled in leadership, mobile development, data synchronization, and SaaS architecture. He earned his Bachelor of Science (B.S.) in Computer Science from Arkansas State University.