The remote certificate is invalid according to the validation procedure
If you get “The remote certificate is invalid according to the validation procedure” exception while trying to establish SSL/TLS connection using Mail.dll SMTP, POP3 and IMAP .NET component, most likely your server certificate is self-signed or you are using incorrect host name to connect.
Incorrect host name
Host name must match the name on certificate: for example imap.example.com and example.com may point to the same server, but if the certificate is issued to imap.example.com only, this is the only address you should use.
Double check if the name you pass to Connect or ConnectSSL method is correct and matches the certificate.
Self-signed certificates
You can accept self-signed certificates using Mail.dll SMTP, POP3 and IMAP .net clients.
First you need to subscribe to ServerCertificateValidate event, so you can manually verify the certificate presented by the server.
Then you should create a Validate method, that validates the certificate (ignores name mismatch and certificate chain errors, as self signed certs are not signed by the proper CA).
The sample below focuses on Imap class, but exactly the same steps apply to Pop3 and Smtp clients:
C# code
using System.Net.Security;
using System;
using Limilabs.Mail;
using Limilabs.Client.IMAP;
internal class Program
{
private static void Main(string[] args)
{
using (Imap client = new Imap())
{
// Use custom certificate validation:
client.ServerCertificateValidate +=
new ServerCertificateValidateEventHandler(Validate);
// Minimalistic version to accept any certificate:
//
// client.ServerCertificateValidate +=
// (sender, e) => { e.IsValid = true; };
client.ConnectSSL("server.example.com");
client.UseBestLogin("user", "password");
foreach (long uid in client.GetAll())
{
var eml = client.GetMessageByUID(uid);
IMail email = new MailBuilder()
.CreateFromEml(eml);
Console.WriteLine("subject: {0}", email.Subject);
}
client.Close();
}
}
private static void Validate(
object sender,
ServerCertificateValidateEventArgs e)
{
const SslPolicyErrors ignoredErrors =
// self-signed
SslPolicyErrors.RemoteCertificateChainErrors
// name mismatch
| SslPolicyErrors.RemoteCertificateNameMismatch;
string nameOnCertificate = e.Certificate.Subject;
if ((e.SslPolicyErrors & ~ignoredErrors)
== SslPolicyErrors.None)
{
e.IsValid = true;
return;
}
e.IsValid = false;
}
} ;
Visual Basic .NET code
Imports System.Net.Security
Imports System
Imports Limilabs.Mail
Imports Limilabs.Client.IMAP
Public Module Module1
Public Sub Main(ByVal args As String())
Using client As New Imap()
' Use custom certificate validation:
AddHandler client.ServerCertificateValidate, AddressOf Validate
client.ConnectSSL("server.example.com")
client.UseBestLogin("user", "password")
For Each uid As Long In client.GetAll()
Dim email As IMail = New MailBuilder().CreateFromEml( _
client.GetMessageByUID(uid))
Console.WriteLine("subject: {0}", email.Subject)
Next
client.Close()
End Using
End Sub
Private Sub Validate( _
ByVal sender As Object, _
ByVal e As ServerCertificateValidateEventArgs)
Const ignoredErrors As SslPolicyErrors = _
' self-signed
SslPolicyErrors.RemoteCertificateChainErrors _
' name mismatch
Or SslPolicyErrors.RemoteCertificateNameMismatch
Dim nameOnCertificate As String = e.Certificate.Subject
If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
e.IsValid = True
Return
End If
e.IsValid = False
End Sub
End Module
November 15th, 2014 at 13:26
[…] The remote certificate is invalid according to the validation procedure […]
November 4th, 2015 at 15:47
I’m trying to connect to an Exchange Server. I have bypassed the certificate problems by using the “minimalistic” version described above, with the delegate (s, e) => {e.IsValid = true;}. But I keep getting the message, “No connection could be made because the target machine actively refused it.”
The credentials are definitely correct. Any idea what could be causing the problem?
Thanks.
November 5th, 2015 at 10:13
@aroy,
It seems you have problem with connection, rather then certificate validation or authentication/authorization.
If it’s Exchange you most likely forgot to turn IMAP on. Please check this blog post for details on how to resole this issue:
http://www.limilabs.com/blog/connection-attempt-failed
May 8th, 2016 at 17:54
[…] If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure. […]
May 8th, 2016 at 18:00
[…] If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure. […]
May 8th, 2016 at 18:01
[…] If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure. […]
July 12th, 2017 at 19:50
there is no such event handler in the MailForWindowsStore.dll. How can I stop this error from a windows store application?
July 13th, 2017 at 09:42
@James,
First make sure you are using correct server address (e.g. imap.gmail.com and not mail.gmail.com), most public servers use correct certificates, not self-signed ones.
I think there is no way to intercept the certificate validation process in Metro apps (StreamSocket class doesn’t allow this). It is possible to workaround this by including the private root and CA certificates in the application, although I haven’t done it personally, so I can’t provide you any details.