Self Signed Certification SSL HTTPS
For those of us wanting to provide free applications it would be nice if the WP7 supported self signed certs or the very least a widely known free SSL authority.
Or at the very least add a free service to your accepted list of SSL authorities. Like cacert.org for instance.
Tony Leung commented
Please let the client side to check the SSL certificate.
Andreas Summer commented
eventual with an property, SSL certificate public info?
This is simply pathetic that I could not attach a client certificate to WebRequest. How the certificate based authentication then work without for exchange servers and LDAP server would work. What big security threat do you see on doing this. I cannot have all certificate put in windows phone certificate store as I do not want to untidy users phone. iOS and Android works gret with this
Jerry Huang commented
I can't believe there is no way to check certificate on client side. So I can't use SSL to protect data. Please give me a way to check certificate on client side.
Holger Kreissl commented
We are developing a security critical application for WP8 and we cannot believe that there is no way to check a certificate on the client side. So there is one way to protect the user for ssl hacking using SSL pinning or CN comparision.
Please a this functionality or a way that makes it possible building serious apps for wp8.
Hi, my problem same as M.Irfan, anyone can give some help ?
M. Irfan commented
Is there any update on it? Is there any alternative solution to use WCF server with self signed certificate in WP8 application? My service is giving error "Not found". Please help
Rui Marinho commented
This is still missing in windows phone 8, and it's even harder ... installing the certificate by hand doesn't work either.
Please add the ServicePointManager class.
For those that want easily, cheaply and securely protect their web APIs from being accessed by others, https+basic auth is the solution. Unfortunately without a class like ServicePointManager I can't use my own cert files to protect my own API.
Ulf Skoglund commented
Fully agreed. This is needed.
Andrew Byrne commented
Hi, for information about SSL Root Certificates for Windows Phone, check out http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).aspx
I have been able to test self-signed certs with a Windows Phone app, but I owned both ends of the pipe- the Windows Phone app and the Azure cloud service that was hosting the service to which I wanted to communicate. Installing the self-signed cert by sending it to yourself in hotmail was the way to go.
Chiranjit Mishra commented
I am trying to call HTTPS from windows phone 7.5 application.Though it is called successfully for HTTPS having certificate from trusted source like VeriSign,but it is returning an exception that remote server not found error for Self Signed Certificate.I have installed my self signed certficate in the device sending it by mail and called HTTPS like HTTP,but it didn't work.
So can anyone suggest how to call HTTPS having Self Signed Certificate?Whether it is possible or not for Self Signed Certificate?
Thomas Kistrup commented
This is a must have, need to ignore the “address does not match the address in the security certificate” I can’t change the server certificate to match the URL. My app is useless if I can’t control the certificate validation process.
Definitely need a way to validate SSL connections that are rejected as invalid by the platform, like what ServicePointManager provides in the full .NET framework. This is a huge limitation for the platform, especially for debugging. You can't always control the SSL certificate of the servers you connect with.
Best many of our applications are secured and if win phone won't provide it then there is no use for us to built application for windows phone