Knowledge Base Entry

SSL: server certificate verification failed

Date Entered:  10/8/2001

Last Update:  06/05/2008

APPLIES TO

FDMS Integrator
FedEx Integrator
PayPal Integrator
E-Payment Integrator
Paymentech Integrator
USPS Integrator
TSYS Integrator
IP*Works! SSL

SYNOPSIS

When I attempt to connect, I get an error that the server certificate verification failed.

SOLUTION

When establishing an SSL connection, the server always presents a certificate to the connecting client. The client then checks the system to see if the server certificate is valid (certificate validity dates, certificate CN matches the name of the remote host, certificate issuing authority is trusted, etc.). If the certificate is not valid, you'll get the error "server certificate verification failed".

In order to resolve this problem, you can:

  1. Get a valid server certificate installed on the web server.
  2. Accept the certificate programmatically.
  3. Install the public key of the server certificate issuing authority in the trusted CA store of the client machine.

In order to accept the certificate programmatically, you can either:

  1. Set the SSLAcceptServerCert property to the base64 encoded public key of the certificate to accept, prior to connecting. Note that in version 8 of our products this property is of type Certificate. Consult the documentation for more detail.
  2. Use the SSLServerAuthentication event to examine the server certificate and set the Accept parameter to true.

If you are using our BizTalk adapters or SSIS tasks, you may also set the SSLAcceptServerCert property to "ANY" or "ALL" to accept any certificate presented by the server. In version 8 of our products, you may also tell the components to accept any certificate by setting the AcceptAnyServerCert configuration setting.

Example:

C# - Version 8 
ftps1.SSLAcceptServerCert = new Certificate("..\\cert.cer");

//Or

ftps1.SSLAcceptServerCert = new Certificate(myBytes);
//Where myBytes is a byte array representing the encoded certificate. 
//To obtain the encoded certificate you may examine the CertEncoded parameter of the
//SSLServerAuthentication event

C# - Previous Versions
ftps1.SSLAcceptServerCert = "-----BEGIN CERTIFICATE-----MIIDojCCAwugAwIBAgIJAPC...";

//Or

ftps1.SSLAcceptServerCertB = myBytes;
//Where myBytes is a byte array representing the encoded certificate. 
//To obtain the encoded certificate you may examine the CertEncoded parameter of the
//SSLServerAuthentication event

Or in the SSLServerAuthentication event:

 e.Accept = true;

*Warning* - Accepting non-trusted certificates may pose a security risk: although the data will be encrypted, the identity of the server will not have been authenticated.
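
The SSLServerAuthentication option does not have to accept unconditionally. The following is an added example, not /n software code: a helper that returns true only when the presented certificate's SHA-256 fingerprint matches a value recorded in advance, so the event handler can assign its result to Accept. PinnedCertCheck, the pin value and the sample bytes are hypothetical, and the code assumes .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;

static class PinnedCertCheck
{
    // Convert a PEM-wrapped certificate (the base64 text form) to raw DER bytes.
    public static byte[] PemToDer(string pem)
    {
        string body = pem.Replace("-----BEGIN CERTIFICATE-----", "")
                         .Replace("-----END CERTIFICATE-----", "");
        return Convert.FromBase64String(body); // whitespace and newlines are ignored
    }

    // True only when SHA-256 of the presented certificate equals the pinned value.
    public static bool ShouldAccept(byte[] presentedDer, string pinnedSha256Hex)
    {
        if (presentedDer == null || presentedDer.Length == 0) return false;
        byte[] expected;
        try { expected = Convert.FromHexString((pinnedSha256Hex ?? "").Replace(":", "")); }
        catch (FormatException) { return false; } // malformed pin: fail closed
        byte[] actual = SHA256.HashData(presentedDer);
        // Constant-time comparison; also returns false when the lengths differ.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed stand-in bytes, not real certificates.
        byte[] enrolled = { 0x30, 0x82, 0x01, 0x0A, 0x02, 0x01, 0x01 };
        byte[] other    = { 0x30, 0x82, 0x01, 0x0A, 0x02, 0x01, 0x02 };
        string pin = Convert.ToHexString(SHA256.HashData(enrolled)); // recorded at enrollment
        string pem = "-----BEGIN CERTIFICATE-----\n" + Convert.ToBase64String(enrolled)
                   + "\n-----END CERTIFICATE-----\n";

        Console.WriteLine("enrolled (DER): " + PinnedCertCheck.ShouldAccept(enrolled, pin));
        Console.WriteLine("enrolled (PEM): " + PinnedCertCheck.ShouldAccept(PinnedCertCheck.PemToDer(pem), pin));
        Console.WriteLine("other cert:     " + PinnedCertCheck.ShouldAccept(other, pin));
        Console.WriteLine("bad pin:        " + PinnedCertCheck.ShouldAccept(enrolled, "not-hex"));
        // In the SSLServerAuthentication handler the same call would set the result, e.g.
        //   e.Accept = PinnedCertCheck.ShouldAccept(certBytes, pin);
        // where certBytes comes from the event's CertEncoded parameter (wiring assumed).
    }
}
```

The pin should be obtained over a channel you already trust, not copied from the first connection that fails verification.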

© Copyright 2010 /n software inc.