Self Signed Certification SSL HTTPS
For those of us wanting to provide free applications it would be nice if the WP7 supported self signed certs or the very least a widely known free SSL authority.
Or at the very least add a free service to your accepted list of SSL authorities. Like cacert.org for instance.
There is SSL/TLS socket support in Windows Phone 8. However, currently no WP8 platform component seems to support SSL certificate pinning.
When a SSL connection is created, there is no way to inspect the x.509 certificate chain returned by the remote server. I want to implement certificate pinning for additional security in my app and therefore I need an API to read the values of individual x.509 certificates.
I am not the only one who needs this: http://stackoverflow.com/questions/17741740/read-ssl-certificate-details-on-wp8
Please provide a way to do certificate pinning using platform components in WP8.
Holger Kreissl commented
We are developing a security critical application for WP8 and we cannot believe that there is no way to check a certificate on the client side. So there is one way to protect the user for ssl hacking using SSL pinning or CN comparision.
Please a this functionality or a way that makes it possible building serious apps for wp8.
Hi, my problem same as M.Irfan, anyone can give some help ?
M. Irfan commented
Is there any update on it? Is there any alternative solution to use WCF server with self signed certificate in WP8 application? My service is giving error "Not found". Please help
Rui Marinho commented
This is still missing in windows phone 8, and it's even harder ... installing the certificate by hand doesn't work either.
Please add the ServicePointManager class.
For those that want easily, cheaply and securely protect their web APIs from being accessed by others, https+basic auth is the solution. Unfortunately without a class like ServicePointManager I can't use my own cert files to protect my own API.
Ulf Skoglund commented
Fully agreed. This is needed.
Andrew Byrne commented
Hi, for information about SSL Root Certificates for Windows Phone, check out http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).aspx
I have been able to test self-signed certs with a Windows Phone app, but I owned both ends of the pipe- the Windows Phone app and the Azure cloud service that was hosting the service to which I wanted to communicate. Installing the self-signed cert by sending it to yourself in hotmail was the way to go.
Chiranjit Mishra commented
I am trying to call HTTPS from windows phone 7.5 application.Though it is called successfully for HTTPS having certificate from trusted source like VeriSign,but it is returning an exception that remote server not found error for Self Signed Certificate.I have installed my self signed certficate in the device sending it by mail and called HTTPS like HTTP,but it didn't work.
So can anyone suggest how to call HTTPS having Self Signed Certificate?Whether it is possible or not for Self Signed Certificate?
Thomas Kistrup commented
This is a must have, need to ignore the “address does not match the address in the security certificate” I can’t change the server certificate to match the URL. My app is useless if I can’t control the certificate validation process.
Definitely need a way to validate SSL connections that are rejected as invalid by the platform, like what ServicePointManager provides in the full .NET framework. This is a huge limitation for the platform, especially for debugging. You can't always control the SSL certificate of the servers you connect with.
Best many of our applications are secured and if win phone won't provide it then there is no use for us to built application for windows phone