Re: Valid Certificate Authority
From: Harry Simpson (hssimpson_at_nospamphgt.net)
Date: 06/11/04
- Previous message: Robert D. Pinkerton: "Security for Visual Studio.Net"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Valid Certificate Authority"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Valid Certificate Authority"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Valid Certificate Authority"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Jun 2004 15:30:22 -0500
Joe,
It's the third check on the Security Alert dialog box:
"The name on the security certificate is invalid or does not match the name
of the site"
Harry
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:u1iYKb8TEHA.3012@tk2msftngp13.phx.gbl...
> Ok, the thing is here that it is your browser that is complaining about
the
> server certificate, not the server that is complaining. Since your
browser
> is not sending a client certificate to the server, there is nothing for
the
> server to check. Thus there is no code you can put in your web
application.
>
> However, SSL should match the name on the certificate to the hostname
> (SIMPSON) in your case, so it should work. What certificate warning do
you
> get from IE and what are the details?
>
> Joe K.
>
> "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> news:eNUJC67TEHA.1048@tk2msftngp13.phx.gbl...
> > Hi Joe,
> >
> > I'm merely starting an ASP.NET web application on an intranet server
from
> a
> > browser within the same intranet.
> >
> > Since SelfSSL uses the name of the machine (SIMPSON) it doesn't
reconcile
> to
> > the web's name "MyWebApp" when i make the call to it using
> > https://SIMPSON/MyWebApp
> > so i get the third check not true notice. My app is not internet but
> > intranet with no internet Whois type url.
> >
> > Harry
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
wrote
> > in message news:OTubsG2TEHA.1036@TK2MSFTNGP09.phx.gbl...
> > > I'm not sure I understand. Is your ASP.NET application making a call
to
> > > another web site via something based on HttpWebRequest or a web
service
> > > call? If so, you would do it then. If not, how are you calling
another
> > > server?
> > >
> > > If you aren't calling another server, then why would you need to check
a
> > > server's certificate?
> > >
> > > Joe K.
> > >
> > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > news:usTnTpzTEHA.3976@TK2MSFTNGP09.phx.gbl...
> > > > Thanks Joe,
> > > >
> > > > The code actually didn't work but it's probablky just me......
> > > >
> > > > Was wondering where you put pre-request code in an ASP.NET app??
> > > >
> > > > Harry
> > > >
> > > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
> > wrote
> > > > in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...
> > > > > The code here shows how to create a class that implements
> > > > > ICertificatePolicy:
> > > > >
> > > >
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?frame=true
> > > > >
> > > > > To use it, you add a new instance of your class to the
> > > > > ServicePointManager.CertificatePolicy property BEFORE you make any
> > > > > WebRequests (or SOAP calls or anything else that wraps
WebRequest).
> > > > >
> > > > >
> > > >
> > >
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificatePolicyTopic.asp?frame=true
> > > > >
> > > > > Then, you can enforce your own certificate policy based on the
rules
> > you
> > > > > code in your CheckValidationResult Method.
> > > > >
> > > > > Joe K.
> > > > >
> > > > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > > > news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...
> > > > > > Using the SelfSSL internally (intranet) and the third check
> doesn't
> > > pass
> > > > > > since we created the cert.
> > > > > >
> > > > > > Where does this code (CheckValidationResult) actually go in the
> web
> > > > > > application??
> > > > > >
> > > > > > Harry
> > > > > >
> > > > > > "Joe Kaplan (MVP - ADSI)"
> <joseph.e.kaplan@removethis.accenture.com>
> > > > wrote
> > > > > > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...
> > > > > > > The certificate will be trusted based on the trusted root
> > > certificates
> > > > > > > configured on the current machine. You can use the
> > > ICertificatePolicy
> > > > > > class
> > > > > > > that I mentioned before to determine whether the CA for the
cert
> > was
> > > > not
> > > > > > > trusted by examining the certificateProblem parameter in
> > > > > > > CheckValidationResult. I found a decent blog posting that
shows
> > > what
> > > > > the
> > > > > > > values of the parameter can be (they are probably in the
> platform
> > > SDK
> > > > > > > somewhere...):
> > > > > > >
> > > > > > > http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx
> > > > > > >
> > > > > > >
> > > > > > > Joe K.
> > > > > > >
> > > > > > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in
> > > message
> > > > > > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I need to verify that a certificate is coming from a valid
> > > > certificate
> > > > > > > > authority. Does anybody know where I could obtain a list
with
> > > that
> > > > > > > > information?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > cj
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Previous message: Robert D. Pinkerton: "Security for Visual Studio.Net"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Valid Certificate Authority"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Valid Certificate Authority"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Valid Certificate Authority"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
