How can we improve the Windows platform?

Self Signed Certification SSL HTTPS

For those of us wanting to provide free applications it would be nice if the WP7 supported self signed certs or the very least a widely known free SSL authority.

Add ServicePointManager.

Or at the very least add a free service to your accepted list of SSL authorities. Like cacert.org for instance.

268 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    TemplarianTemplarian shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    16 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • AnonymousAnonymous commented  ·   ·  Flag as inappropriate

        This is simply pathetic that I could not attach a client certificate to WebRequest. How the certificate based authentication then work without for exchange servers and LDAP server would work. What big security threat do you see on doing this. I cannot have all certificate put in windows phone certificate store as I do not want to untidy users phone. iOS and Android works gret with this

      • Jerry HuangJerry Huang commented  ·   ·  Flag as inappropriate

        I can't believe there is no way to check certificate on client side. So I can't use SSL to protect data. Please give me a way to check certificate on client side.

      • Holger KreisslHolger Kreissl commented  ·   ·  Flag as inappropriate

        We are developing a security critical application for WP8 and we cannot believe that there is no way to check a certificate on the client side. So there is one way to protect the user for ssl hacking using SSL pinning or CN comparision.
        Please a this functionality or a way that makes it possible building serious apps for wp8.

      • M. IrfanM. Irfan commented  ·   ·  Flag as inappropriate

        Is there any update on it? Is there any alternative solution to use WCF server with self signed certificate in WP8 application? My service is giving error "Not found". Please help

      • Rui MarinhoRui Marinho commented  ·   ·  Flag as inappropriate

        This is still missing in windows phone 8, and it's even harder ... installing the certificate by hand doesn't work either.

        Please add the ServicePointManager class.

      • kktrekktre commented  ·   ·  Flag as inappropriate

        This.
        For those that want easily, cheaply and securely protect their web APIs from being accessed by others, https+basic auth is the solution. Unfortunately without a class like ServicePointManager I can't use my own cert files to protect my own API.

      • Andrew ByrneAndrew Byrne commented  ·   ·  Flag as inappropriate

        Hi, for information about SSL Root Certificates for Windows Phone, check out http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).aspx

        I have been able to test self-signed certs with a Windows Phone app, but I owned both ends of the pipe- the Windows Phone app and the Azure cloud service that was hosting the service to which I wanted to communicate. Installing the self-signed cert by sending it to yourself in hotmail was the way to go.

      • Chiranjit MishraChiranjit Mishra commented  ·   ·  Flag as inappropriate

        Hi All,

        I am trying to call HTTPS from windows phone 7.5 application.Though it is called successfully for HTTPS having certificate from trusted source like VeriSign,but it is returning an exception that remote server not found error for Self Signed Certificate.I have installed my self signed certficate in the device sending it by mail and called HTTPS like HTTP,but it didn't work.

        So can anyone suggest how to call HTTPS having Self Signed Certificate?Whether it is possible or not for Self Signed Certificate?



        Thanks

      • Thomas KistrupThomas Kistrup commented  ·   ·  Flag as inappropriate

        This is a must have, need to ignore the “address does not match the address in the security certificate” I can’t change the server certificate to match the URL. My app is useless if I can’t control the certificate validation process.

      • RyanRyan commented  ·   ·  Flag as inappropriate

        Definitely need a way to validate SSL connections that are rejected as invalid by the platform, like what ServicePointManager provides in the full .NET framework. This is a huge limitation for the platform, especially for debugging. You can't always control the SSL certificate of the servers you connect with.

      • NeerajNeeraj commented  ·   ·  Flag as inappropriate

        Best many of our applications are secured and if win phone won't provide it then there is no use for us to built application for windows phone

      Feedback and Knowledge Base