Bypassing Certificate Validation in .NET
July 24, 2007
Why would you ever want to bypass certification verification? …Well, maybe if you’re testing a web service that’s under development and you don’t own a valid certificate yet like me.
It took a while to figure this out. I was convinced it would be something simple, and it was…
The code below implements a custom certificate validation method that does nothing. You could customize the TrustAllCertificatesCallback method to execute your own meaningful validation, my example simply validates every request. Notice my nifty TODO comment? I wrote this as a temporary fix and I was a little paranoid I’d forget to take this line out.
I’ve only tested this with WSE3 (Microsoft Web Service Enhancements v3) on the client side talking to a Java implementation of Axis2 on the server side. …But this should work with WSE3/.Net on whatever.
static class Program
/// The main entry point for the application.
static void Main()
// TODO: REMOVE THIS LINE BEFORE GOING INTO PRODUCTION!!!
public static bool TrustAllCertificatesCallback(
object sender, X509Certificate cert,
X509Chain chain, SslPolicyErrors errors)