The remote certificate is invalid according to the validation procedure

If you get “The remote certificate is invalid according to the validation procedure” exception while trying to establish SSL connection, most likely your server certificate is self-signed or you are using incorrect host name to connect (Host name must match the name on certificate, for example imap.example.com and example.com may point to the same server, but certificate is issued only to imap.example.com and this is the address you should use).

You can accept self-signed certificates using Mail.dll SMTP, POP3 and IMAP component.

First you need to subscribe to ServerCertificateValidate event.

Then you need to create ValidateCertificate method that validates the certificate (ignores name mismatch and certificate chain errors).

The sample below focuses on Imap class but exactly the same steps apply to Pop3 and Smtp classes.

// C# version

using System.Net.Security;
using System;
using Limilabs.Mail;
using Limilabs.Client.IMAP;

internal class Program
{
    private static void Main(string[] args)
    {
        using (Imap client = new Imap())
        {
            // we will use custom validation
            client.ServerCertificateValidate +=
                new ServerCertificateValidateEventHandler(Validate);

            // Minimalistic version to accept any certificate:
            //client.ServerCertificateValidate += 
            //    (sender, e) => { e.IsValid = true; };

            client.ConnectSSL("server.example.com");
            client.Login("user", "password");

            foreach (long uid in client.GetAll())
            {
                IMail email = new MailBuilder().CreateFromEml(
                    client.GetMessageByUID(uid));
                Console.WriteLine("subject: {0}", email.Subject);
            }

            client.Close();
        }
    }

    private static void Validate(
        object sender,
        ServerCertificateValidateEventArgs e)
    {
        const SslPolicyErrors ignoredErrors =
            SslPolicyErrors.RemoteCertificateChainErrors |  // self-signed
            SslPolicyErrors.RemoteCertificateNameMismatch;  // name mismatch

        string nameOnCertificate = e.Certificate.Subject;

        if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
        {
            e.IsValid = true;
            return;
        }
        e.IsValid = false;
    }

} ;
' VB.NET version

Imports System.Net.Security
Imports System
Imports Limilabs.Mail
Imports Limilabs.Client.IMAP

Public Module Module1


    Public Sub Main(ByVal args As String())
        Using client As New Imap()
            ' we will use custom validation
            AddHandler client.ServerCertificateValidate, AddressOf ValidateCertificate

            client.ConnectSSL("server.example.com")
            client.Login("user", "password")

            For Each uid As Long In client.GetAll()
                Dim email As IMail = New MailBuilder().CreateFromEml( _
                    client.GetMessageByUID(uid))
                Console.WriteLine("subject: {0}", email.Subject)
            Next

            client.Close()
        End Using
    End Sub

    Private Sub ValidateCertificate( _
       ByVal sender As Object, _
       ByVal e As ServerCertificateValidateEventArgs)

       Const ignoredErrors As SslPolicyErrors = _
           SslPolicyErrors.RemoteCertificateChainErrors Or _    ' self-signed
           SslPolicyErrors.RemoteCertificateNameMismatch        ' name mismatch

       Dim nameOnCertificate As String = e.Certificate.Subject

        If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
           e.IsValid = True
           Return
        End If
        e.IsValid = False
    End Sub

End Module

Tags: , , , , , ,

8 Responses to “The remote certificate is invalid according to the validation procedure”

  1. A connection attempt failed Says:

    […] The remote certificate is invalid according to the validation procedure […]

  2. aroy Says:

    I’m trying to connect to an Exchange Server. I have bypassed the certificate problems by using the “minimalistic” version described above, with the delegate (s, e) => {e.IsValid = true;}. But I keep getting the message, “No connection could be made because the target machine actively refused it.”

    The credentials are definitely correct. Any idea what could be causing the problem?

    Thanks.

  3. Limilabs support Says:

    @aroy,

    It seems you have problem with connection, rather then certificate validation or authentication/authorization.
    If it’s Exchange you most likely forgot to turn IMAP on. Please check this blog post for details on how to resole this issue:
    http://www.limilabs.com/blog/connection-attempt-failed

  4. Use SSL with SMTP | Blog | Limilabs Says:

    […] If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure. […]

  5. Use SSL with IMAP | Blog | Limilabs Says:

    […] If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure. […]

  6. Use SSL with POP3 | Blog | Limilabs Says:

    […] If you are using self-signed certificates you may encounter this error: The remote certificate is invalid according to the validation procedure. […]

  7. James Says:

    there is no such event handler in the MailForWindowsStore.dll. How can I stop this error from a windows store application?

  8. Limilabs support Says:

    @James,

    First make sure you are using correct server address (e.g. imap.gmail.com and not mail.gmail.com), most public servers use correct certificates, not self-signed ones.
    I think there is no way to intercept the certificate validation process in Metro apps (StreamSocket class doesn’t allow this). It is possible to workaround this by including the private root and CA certificates in the application, although I haven’t done it personally, so I can’t provide you any details.

Questions?

Consider using our Q&A forum for asking any questions.