RestSharp - Ignore SSL errors

Question

Is there any whay that I can get RestSharp to ignore errors in SSL certificates? I have a test client, and the service I connect to does not yet have a valid cetificate.

When I make a request now I get the error:

The underlying connection was closed: Could not establish trust 
relationship for the SSL/TLS secure channel.

The answer is in here but I can't turn it into a real one from my phone http://www.west-wind.com/weblog/posts/2011/Feb/11/HttpWebRequest-and-Ignoring-SSL-Certificate-Errors — John Sheehan, May 01 '12 at 16:31
Great - I have updated the question with the answer. But post a "real" answer and I'll accept it :-) — Michael Skarum, May 02 '12 at 09:26
It's generally better to import the test certificates in the test clients trust anchors, rather than ignoring certificate verification altogether. Firstly, it's more realistic; secondly, you avoid to leave this sort of insecure code in your final product. — Bruno, May 02 '12 at 19:25
I'd say it is better to write an answer to your question instead of baking in the answer in the question. — Johan Larsson, Jun 20 '13 at 08:01

score 103 · Accepted Answer · edited Feb 02 '22 at 19:08

103

As John suggested:

ServicePointManager.ServerCertificateValidationCallback +=
        (sender, certificate, chain, sslPolicyErrors) => true;

edited Feb 02 '22 at 19:08

phoenix

7,988
6
39
45

answered Jun 21 '13 at 12:11

Michael Skarum

2,448
3
18
20

7

Works, but that's not great considering it's setting a global behavior. – talles Jun 29 '16 at 19:10
1

You can check `sender.Address` to only return `true` when this is an host for which you're OK to bypass the SSL validation. – Erwin Mayer Mar 16 '19 at 14:18
There is another answer below that shows how to set this on your RestClient object instead of globally. – JamesHoux Aug 26 '19 at 20:25

score 100 · Answer 2 · edited May 11 '22 at 18:29

You can bypass ssl check

In object level:

(Using RestSharp v106.0.0 but before v107)

//bypass ssl validation check by using RestClient object
var restClient = new RestClient(baseUrl);
restClient.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;

(Using RestSharp 107 according to the migration guide)

//bypass ssl validation check by using RestClient object
var options = new RestClientOptions(baseurl) {
    RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
};
var restClient = new RestClient(options);

OR

In application level:

//bypass ssl validation check globally for whole application.
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;

This appears to no longer be an option in ReshSharp 107. I've tried creating RestClientOptions with the RemoteCertificateValidationCallback being set but it doesn't appear to work. If I rollback to RestSharp 106 your answer works. — Kevin, Feb 17 '22 at 22:42

score 13 · Answer 3 · answered Apr 12 '16 at 02:17

There is a better solution than modifying your code. Ideally you want a solution that will simulate the conditions you will see in production and modifying your code won't do that and could be dangerous if you forget to take the code out before you deploy it.

You will need a self-signed certificate of some sort. If you're using IIS Express you will have one of these already, you'll just have to find it. If you don't have it already, open Firefox or whatever browser you like and go to your website. You should be able to view the certificate information from the URL bar and depending on your browser you should be able to export the certificate.

Next, open MMC.exe, and add the Certificate snap-in. Import your certificate file into the Trusted Root Certificate Authorities store and that's all you should need.

Now, your computer as a whole will implicitly trust any certificates that it has generated itself and you won't need to add code to handle this specially. When you move to production it will continue to work provided you have a proper valid certificate installed there.

Sorry, but it is not clear for me, too difficult, unlike the previous solution which just works. I'm not expert in certificates. — Sergey Kulgan, Dec 09 '16 at 11:08
My RestSharp Rest client tries access to the REST service (third-party/external/foreign) that has no valid certificate, when I try open it's site only alert I see in browser near URL: "connection is not secure". And no certificates available to export from the browser, as you write. I have no possibility to purchase certificate for that site/service, because it is not mine I just want to receive some json data from it without error. — Sergey Kulgan, Dec 09 '16 at 11:27

score 0 · Answer 4 · answered Jul 11 '23 at 13:46

For the latest version of RestSharp (v110.2.0):

var options = new RestClientOptions("https://example.com");
options.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;

var client = new RestClient(options);
var request = new RestRequest();

var response = await client.GetAsync(request);

RestSharp - Ignore SSL errors

4 Answers4

You can bypass ssl check

Linked