Syntax

Visual Basic (Declaration)
Public Sub setCertificateValidator( _ ByVal certValidator As RemoteCertificateValidationCallback _ )

C#
public void setCertificateValidator( RemoteCertificateValidationCallback certValidator )

C++
public: void setCertificateValidator( RemoteCertificateValidationCallback certValidator ) sealed

J#
public void setCertificateValidator( RemoteCertificateValidationCallback certValidator )

JScript
public function setCertificateValidator( certValidator : RemoteCertificateValidationCallback )

Parameters

certValidator: The callback used to filter validation.

Remarks

The default is DefaultCertificateValidator. A custom certificate validator is needed only in unusual circumstances. For example if a self-signed certificate is in use.

Example

A sample custom certificate validator for self-signed certificates:

	Copy Code
private static bool validateSelfSignedCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) return true; // A self-signed certificate should have exactly one chain status entry, // and that entry should be "untrusted root" if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0) { if ((chain.ChainStatus.Length == 1) && (chain.ChainStatus[0].Status == X509ChainStatusFlags.UntrustedRoot)) { // The one acceptable case sslPolicyErrors -= SslPolicyErrors.RemoteCertificateChainErrors; } else { Console.WriteLine("{0} cert chain errors", chain.ChainStatus.Length); foreach (var chainStatus in chain.ChainStatus) { X509ChainStatusFlags xflags = chainStatus.Status; Console.WriteLine("\t" + chainStatus.Status); Console.WriteLine("\t" + chainStatus.StatusInformation); } return false; } } // Self-signed certificates likely won't match the "domain name" sslPolicyErrors = sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateNameMismatch; if (sslPolicyErrors == SslPolicyErrors.None) return true; Console.WriteLine("Certificate error: {0}", sslPolicyErrors); return false; }

Copy Code

             private static bool 
             validateSelfSignedCertificate(object sender, 
                                           X509Certificate certificate,
                                           X509Chain chain,
                                           SslPolicyErrors sslPolicyErrors)
             {
                 if (sslPolicyErrors == SslPolicyErrors.None)
                     return true;
             
                 // A self-signed certificate should have exactly one chain status entry,
                 // and that entry should be "untrusted root"
             
                 if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0) {
                     if ((chain.ChainStatus.Length == 1) && (chain.ChainStatus[0].Status == X509ChainStatusFlags.UntrustedRoot)) {
                         // The one acceptable case
                         sslPolicyErrors -= SslPolicyErrors.RemoteCertificateChainErrors;
                     }
                     else {
                         Console.WriteLine("{0} cert chain errors", chain.ChainStatus.Length);
                         foreach (var chainStatus in chain.ChainStatus) {
                             X509ChainStatusFlags xflags = chainStatus.Status;
                             Console.WriteLine("\t" + chainStatus.Status);
                             Console.WriteLine("\t" + chainStatus.StatusInformation);
                         }
                         return false;
                     }
                 }
            
                 // Self-signed certificates likely won't match the "domain name"
                 sslPolicyErrors = sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateNameMismatch;
            
                 if (sslPolicyErrors == SslPolicyErrors.None)
                     return true;
            
                 Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
            
                 return false;
             }

Syntax

Parameters

Remarks

Example

See Also