16

I am trying to override the certificate validation in a Windows Store App to accept a self-signed certificate on two external services (using HttpClient) to allow the Windows 8 app to accept the certificates and establish a trust relationship for SSL

EDIT: I implemented the approach documented here : Installing certs by using the appmanifest

and added the relevant .cer files to my application and ensured they are 'Content' and 'Copy Always'.

My package.appxmanifest Extensions section looks like this:

  <Extensions>
<Extension Category="windows.certificates">
  <Certificates>
    <Certificate StoreName="TrustedPeople" Content="Assets\ReportingServices.cer" />
    <Certificate StoreName="TrustedPeople" Content="Assets\Crm.cer" />
    <Certificate StoreName="CA" Content="Assets\DigiCertHighAssurance.cer" />
    <TrustFlags ExclusiveTrust="true" />
    <SelectionCriteria AutoSelect="true" />
  </Certificates>
</Extension>

but this still does not work.

I have tried putting the app certificates in the 'Root' StoreName but still no success. Does anyone have any ideas why this might not work please?

Redeemed1
  • 3,953
  • 8
  • 38
  • 63

3 Answers3

1

This is a bit of old one, but seeing as there are quite a few watchers I will give my solution.

// Create the httpClient and send the request
HttpBaseProtocolFilter aHBPF = new HttpBaseProtocolFilter();
// If you want to ignore expired Certs
aHBPF.IgnorableServerCertificateErrors.Add(ChainValidationResult.Expired);
// Untrused because this is a self signed cert that is not installed
aHBPF.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);
// Host names and certs names may not match
aHBPF.IgnorableServerCertificateErrors.Add(ChainValidationResult.InvalidName);

HttpClient httpClient = new HttpClient(aHBPF);
HttpResponseMessage response = await httpClient.SendRequestAsync(httpRequest, HttpCompletionOption.ResponseHeadersRead).AsTask(cts.Token);
Ne0
  • 2,688
  • 3
  • 35
  • 49
  • 1
    NeO thanks for this, it looks like an interesting solution and uses the framework well. I have neither the project nor the time anymore to do anything on this. If someone else could try this out to confirm if it works then I can mark it as an answer. – Redeemed1 Aug 18 '14 at 08:12
1

Just to save your time. I got to resolve this for 2 days of trial and error. Here you can solve it. Add the .cer file to your project, Make the build action as "Content", copy as newer then add this to your app manifest

<Capabilities>
    <Capability Name="sharedUserCertificates" />
    <Capability Name="enterpriseAuthentication" />
    <Capability Name="privateNetworkClientServer" />
    <Capability Name="internetClient" />
</Capabilities>


<Extensions>
<Extension Category="windows.certificates">
  <Certificates>
    <Certificate StoreName="Root" Content="Certificates\vibeapi.cer" />
      <TrustFlags ExclusiveTrust="true" />
       <SelectionCriteria AutoSelect="true" />
    </Certificates>
  </Extension>
</Extensions>

and to your code behind you can now access the file using this

//Testing https connection
HttpClientHandler msgHandler = new HttpClientHandler();

using (System.Net.Http.HttpClient httpClient = new System.Net.Http.HttpClient(msgHandler, true))
       {
          var HTTPSURL = new Uri("https://www.sample.net/");


       var response = await httpClient.GetAsync(HTTPSURL);
       var responseStr = await response.Content.ReadAsStringAsync();

       }

see link for reference help

Mary Ann
  • 11
  • 2
0

It will work if you put cer file to the project root and change Content section in manifest file to Content="file.cer"

Roman Abdulmanov
  • 77
  • 2
  • 7
  • I don't have the project available to me any more so I cannot test this. Maybe someone else could try this out to see – Redeemed1 Jun 20 '13 at 15:58