Calling WCF services with an invalid SSL certificate

A useful little snippet when using WCF with web services that have test SSL certificates.

When you call a service in WCF it’s still using the underlying .NET classes in System.Net, so that is where you need to tell it to ignore the invalid SSL certificate.

As it turns out this is very easy: all you need is the snippet below. Obviously you shouldn’t deploy to a live environment with this code, since it essentially says all certificates are valid, but it’s a handy trick to get a service working with any SSL certificate for testing. Note that the callback is a static property, so it applies to every HTTPS request the process makes through System.Net, not just the WCF call you are testing.

ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return true; };
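A narrower variant for test environments, added here as an example and not code from the original post: normal validation stays in place, and the only exception is one named host presenting one pinned certificate. The class name, host name and fingerprint are placeholders, and it assumes .NET Framework, where the callback's sender is the WebRequest or a host name string.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;

public static class TestCertificateTrust
{
    // Placeholders (assumptions, not from the original post): the test host and the
    // SHA-256 fingerprint of its certificate. Until replaced, nothing matches (fails closed).
    private const string TestHost = "test-service.example.invalid";
    private const string PinnedSha256 = "<SHA-256 fingerprint of the test certificate, hex>";

    // Pure decision function, so the policy can be unit tested without a network call.
    public static bool IsAcceptable(string host, byte[] rawCert, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;   // valid certificates always pass
        if (rawCert == null || errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            return false;                                   // nothing to compare against
        if (!string.Equals(host, TestHost, StringComparison.OrdinalIgnoreCase))
            return false;                                   // exception covers one host only
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(rawCert)).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    // Calls to Install() are compiled out of builds that do not define DEBUG.
    [System.Diagnostics.Conditional("DEBUG")]
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, certificate, chain, errors) =>
            {
                // sender is the WebRequest, or the host name as a string.
                var request = sender as WebRequest;
                string host = request != null ? request.RequestUri.Host : sender as string;
                byte[] raw = certificate != null ? certificate.GetRawCertData() : null;
                return IsAcceptable(host, raw, errors);
            };
    }
}
```

Call `TestCertificateTrust.Install()` once at startup, before the first service call.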

Using SSL certs from IIS on WHS with Apache

I recently installed a Subversion server on my WHS box. In the past I’ve usually installed and configured Apache and mod_svn myself, but this time I decided to use the pre-packaged version from the people behind VisualSVN.

This version still uses Apache as the server however. Now I don’t like sending passwords in the clear over the net, especially to things like a source repository. The default install of VisualSVN does support SSL and comes with an SSL cert that you can use. However, since I have a cert for my WHS box anyway I thought it would be nice to be able to reuse that. In the end it was quite easy, the steps are below.

  • Download OpenSSL from http://www.slproweb.com/products/Win32OpenSSL.html. You can download the Light version for this.
  • Install on the machine you are going to work on (I did this on my desktop, doesn’t have to be WHS).
  • Ensure that the OpenSSL bin directory is in your path (makes things easier)
  • Export the cert from IIS or certmgr.msc on the WHS
    • In IIS go to site properties for the WHS site, then directory security, and click the server certificate button
    • Then select export a current certificate and give it a filename
    • Make sure you export the private key along with the cert (the IIS export does this automatically, but with certmgr.msc you’ll need to select it)
  • Use OpenSSL to extract the private key and cert
    • First export the key into a passworded file, then export the cert, finally remove the password from the key so Apache / VisualSVN can use it
    • openssl pkcs12 -in mycert.pfx -nocerts -out key.pem
    • openssl pkcs12 -in mycert.pfx -clcerts -nokeys -out cert.pem
    • openssl rsa -in key.pem -out server.key
  • Finally you have a cert (cert.pem) and key (server.key) you can use with Apache and VisualSVN. Just update the httpd.conf files to use those files. I dropped them into c:\certs on my box so I can share them between multiple apps. Since server.key no longer has a password on it, limit access to that folder to the accounts that run those apps.