How can we improve the Windows dev platform?

Self Signed Certification SSL HTTPS

For those of us wanting to provide free applications it would be nice if the WP7 supported self signed certs or the very least a widely known free SSL authority.

Add ServicePointManager.

Or at the very least add a free service to your accepted list of SSL authorities. Like cacert.org for instance.

185 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    TemplarianTemplarian shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Jani LirkkiJani Lirkki shared a merged idea: Support SSL certificate pinning  ·   · 

    32 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Holger KreisslHolger Kreissl commented  ·   ·  Flag as inappropriate

        We are developing a security critical application for WP8 and we cannot believe that there is no way to check a certificate on the client side. So there is one way to protect the user for ssl hacking using SSL pinning or CN comparision.
        Please a this functionality or a way that makes it possible building serious apps for wp8.

      • M. IrfanM. Irfan commented  ·   ·  Flag as inappropriate

        Is there any update on it? Is there any alternative solution to use WCF server with self signed certificate in WP8 application? My service is giving error "Not found". Please help

      • Rui MarinhoRui Marinho commented  ·   ·  Flag as inappropriate

        This is still missing in windows phone 8, and it's even harder ... installing the certificate by hand doesn't work either.

        Please add the ServicePointManager class.

      • kktrekktre commented  ·   ·  Flag as inappropriate

        This.
        For those that want easily, cheaply and securely protect their web APIs from being accessed by others, https+basic auth is the solution. Unfortunately without a class like ServicePointManager I can't use my own cert files to protect my own API.

      • Andrew ByrneAndrew Byrne commented  ·   ·  Flag as inappropriate

        Hi, for information about SSL Root Certificates for Windows Phone, check out http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).aspx

        I have been able to test self-signed certs with a Windows Phone app, but I owned both ends of the pipe- the Windows Phone app and the Azure cloud service that was hosting the service to which I wanted to communicate. Installing the self-signed cert by sending it to yourself in hotmail was the way to go.

      • Chiranjit MishraChiranjit Mishra commented  ·   ·  Flag as inappropriate

        Hi All,

        I am trying to call HTTPS from windows phone 7.5 application.Though it is called successfully for HTTPS having certificate from trusted source like VeriSign,but it is returning an exception that remote server not found error for Self Signed Certificate.I have installed my self signed certficate in the device sending it by mail and called HTTPS like HTTP,but it didn't work.

        So can anyone suggest how to call HTTPS having Self Signed Certificate?Whether it is possible or not for Self Signed Certificate?



        Thanks

      • Thomas KistrupThomas Kistrup commented  ·   ·  Flag as inappropriate

        This is a must have, need to ignore the “address does not match the address in the security certificate” I can’t change the server certificate to match the URL. My app is useless if I can’t control the certificate validation process.

      • RyanRyan commented  ·   ·  Flag as inappropriate

        Definitely need a way to validate SSL connections that are rejected as invalid by the platform, like what ServicePointManager provides in the full .NET framework. This is a huge limitation for the platform, especially for debugging. You can't always control the SSL certificate of the servers you connect with.

      • NeerajNeeraj commented  ·   ·  Flag as inappropriate

        Best many of our applications are secured and if win phone won't provide it then there is no use for us to built application for windows phone

      ← Previous 1 2 Next →

      Feedback and Knowledge Base