The remote certificate is invalid according to the validation procedure. using Gmail SMTP server
Warning: Do not use this in production code!
As a workaround, you can switch off certificate validation. Only ever do this to obtain confirmation that the error is being thrown because of a bad certificate.
Call this method before you call smtpclient.Send()
:
[Obsolete("Do not use this in Production code!!!",true)]
static void NEVER_EAT_POISON_Disable_CertificateValidation()
{
// Disabling certificate validation can expose you to a man-in-the-middle attack
// which may allow your encrypted message to be read by an attacker
// https://stackoverflow.com/a/14907718/740639
ServicePointManager.ServerCertificateValidationCallback =
delegate (
object s,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
) {
return true;
};
}
The remote certificate is invalid according to the validation procedure
This usually occurs because either of the following are true:
- The certificate is self-signed and not added as a trusted certificate.
- The certificate is expired.
- The certificate is signed by a root certificate that's not installed on your machine.
- The certificate is signed using the fully qualified domain address of the server. Meaning: cannot use "xyzServerName" but instead must use "xyzServerName.ad.state.fl.us" because that's basically the server name as far as the SSL cert is concerned.
- A revocation list is probed, but cannot be found/used.
- The certificate is signed via intermediate CA certificate and server does not serve that intermediate certificate along with host certificate.
Try getting some information about the certificate of the server and see if you need to install any specific certs on your client to get it to work.
How to fix Remote certificate is invalid according to the validation procedure
To be fair, the underlying problem should be checked/corrected.
You can control how MailKit does the server certificate validation using a ServerCertificateValidationCallback
For debugging purposes you could return true;
in the callback function.
Code from the MailKit documentation:
using (var client = new MailKit.Net.Smtp.SmtpClient())
{
// Set our custom SSL certificate validation callback.
client.ServerCertificateValidationCallback = MySslCertificateValidationCallback;
client.Timeout = 30000;
client.Connect("servername", 587, true);
client.Authenticate("Username", "password");
client.Send(message);
client.Disconnect(true);
}
static bool MySslCertificateValidationCallback (object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
// If there are no errors, then everything went smoothly.
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
// Note: MailKit will always pass the host name string as the `sender` argument.
var host = (string) sender;
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0) {
// This means that the remote certificate is unavailable. Notify the user and return false.
Console.WriteLine ("The SSL certificate was not available for {0}", host);
return false;
}
if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) {
// This means that the server's SSL certificate did not match the host name that we are trying to connect to.
var certificate2 = certificate as X509Certificate2;
var cn = certificate2 != null ? certificate2.GetNameInfo (X509NameType.SimpleName, false) : certificate.Subject;
Console.WriteLine ("The Common Name for the SSL certificate did not match {0}. Instead, it was {1}.", host, cn);
return false;
}
// The only other errors left are chain errors.
Console.WriteLine ("The SSL certificate for the server could not be validated for the following reasons:");
// The first element's certificate will be the server's SSL certificate (and will match the `certificate` argument)
// while the last element in the chain will typically either be the Root Certificate Authority's certificate -or- it
// will be a non-authoritative self-signed certificate that the server admin created.
foreach (var element in chain.ChainElements) {
// Each element in the chain will have its own status list. If the status list is empty, it means that the
// certificate itself did not contain any errors.
if (element.ChainElementStatus.Length == 0)
continue;
Console.WriteLine ("\u2022 {0}", element.Certificate.Subject);
foreach (var error in element.ChainElementStatus) {
// `error.StatusInformation` contains a human-readable error string while `error.Status` is the corresponding enum value.
Console.WriteLine ("\t\u2022 {0}", error.StatusInformation);
}
}
return false;
}
C# The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
Primary problem with RemoteCertificateNameMismatch
error is because of subject mismatch between subject specified in remote certificate and address you are connecting to. I suspect that remote certificate is issued against some DNS name, but you are connecting to IP address which apparently isn't specified in certificate subject/SAN extension. You need to ensure that remote certificate's SAN extension contains the address you are connecting to.
There is insufficient information to debug RemoteCertificateChainErrors
error. You need to attach a debugger and retrieve exact errors.
Exception thrown: The remote certificate is invalid according to the validation procedure
When you run the code using VS 2019, it installs a self-signed certificate on your machine for https redirection. (a message box is displayed informing the certificate installation).
But VS code doesn't do it for you.
Read this doc should help : https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.0&tabs=visual-studio#trust-the-aspnet-core-https-development-certificate-on-windows-and-macos
You can try to run this commands
dotnet dev-certs https --clean
dotnet dev-certs https --trust
The remote certificate is invalid according to the validation procedure using HttpClient
The issue you are experiencing is because the subject CN presented by the certificate does not match the host name in the Uri.
Make sure that the certificate bound to the public IP address of the host does have a matching CN with the host name you are using to access the resource.
To easily verify, open the Url in a browser and view the certificate.
The Issued to field should contain a FQDN and match the host name part in the Uri. In your case, it does not.
The remote certificate is invalid according to the validation procedure for SqlClient
After I started looking into why the remote certificate (SQL) was invalid, I changed my connection string to include TrustServerCertificate=True. Since this is a demo environment and I kept Encrypt=True, then it looks like this fixed everything! If anyone thinks bypassing walking the server certs is a bad idea, let me know too.
"DefaultConnection": "Server={my-external-IP},1433;Initial Catalog=mhcdb;Persist Security Info=False;User ID={sqlusername};Password={sqlpassword};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;"
Related Topics
Xdocument: Saving Xml to File Without Bom
Writing String at the Same Position Using Console.Write in C# 2.0
A Dictionary Object That Uses Ranges of Values for Keys
Why Do Members of a Static Class Need to Be Declared as Static? Why Isn't It Just Implicit
Redirecting Output to the Text File C#
How to Implement Automatic Sorting of Datagridview
Xml Validation Using Xsd Schema
Xmlserializer - There Was an Error Reflecting Type
Creating a Proxy to Another Web API with ASP.NET Core
Why Use Asqueryable() Instead of List()
Datetimepicker: Pick Both Date and Time
Pair Bluetooth Devices to a Computer with 32Feet .Net Bluetooth Library