{"id":1295,"date":"2010-10-25T15:44:20","date_gmt":"2010-10-25T13:44:20","guid":{"rendered":"http:\/\/www.limilabs.com\/blog\/?p=1295"},"modified":"2023-08-07T15:25:23","modified_gmt":"2023-08-07T13:25:23","slug":"the-remote-certificate-is-invalid-according-to-the-validation-procedure","status":"publish","type":"post","link":"https:\/\/www.limilabs.com\/blog\/the-remote-certificate-is-invalid-according-to-the-validation-procedure","title":{"rendered":"The remote certificate is invalid according to the validation procedure"},"content":{"rendered":"\n<p>If you get &#8220;The remote certificate is invalid according to the validation procedure&#8221; exception while trying to establish SSL\/TLS connection using Mail.dll <a href=\"\/mail\">SMTP, POP3 and IMAP .NET component<\/a>, most likely your server certificate is <strong>self-signed<\/strong> or you are using <strong>incorrect host name<\/strong> to connect.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Incorrect host name<\/h2>\n\n\n\n<p>Host name must match the name on certificate: for example <em>imap.example.com<\/em> and <em>example.com<\/em> may point to the same server, but if the certificate is issued to <em>imap.example.com<\/em> only, this is the only address you should use.<\/p>\n\n\n\n<p>Double check if the name you pass to <code>Connect<\/code> or <code>ConnectSSL<\/code> method is correct and matches the certificate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Self-signed certificates<\/h2>\n\n\n\n<p>You can accept <strong>self-signed certificates<\/strong> using Mail.dll <a href=\"\/mail\">SMTP, POP3 and IMAP .net clients<\/a>.<\/p>\n\n\n\n<p>First you need to subscribe to <code>ServerCertificateValidate<\/code><em> <\/em>event, so you can manually verify the certificate presented by the server.<\/p>\n\n\n\n<p>Then you should create a <code>Validate<\/code> method, that validates the certificate (ignores name mismatch and certificate chain errors, as self signed certs are not signed by the proper CA).<\/p>\n\n\n\n<p>The sample below focuses on <code>Imap<\/code> class, but exactly the same steps apply to <code>Pop3<\/code> and <code>Smtp<\/code> clients:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">C# code<\/h2>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: csharp; title: ; notranslate\" title=\"\">\nusing System.Net.Security;\nusing System;\nusing Limilabs.Mail;\nusing Limilabs.Client.IMAP;\n\ninternal class Program\n{\n    private static void Main(string&#x5B;] args)\n    {\n        using (Imap client = new Imap())\n        {\n            \/\/ Use custom certificate validation:\n            client.ServerCertificateValidate +=\n                new ServerCertificateValidateEventHandler(Validate);\n\n            \/\/ Minimalistic version to accept any certificate:\n            \/\/ \n            \/\/ client.ServerCertificateValidate +=\n            \/\/    (sender, e) =&gt; { e.IsValid = true; };\n\n            client.ConnectSSL(&quot;server.example.com&quot;);\n            client.UseBestLogin(&quot;user&quot;, &quot;password&quot;);\n\n            foreach (long uid in client.GetAll())\n            {\n                var eml = client.GetMessageByUID(uid);\n                IMail email = new MailBuilder()\n                    .CreateFromEml(eml);\n\n                Console.WriteLine(&quot;subject: {0}&quot;, email.Subject);\n            }\n\n            client.Close();\n        }\n    }\n\n    private static void Validate(\n        object sender,\n        ServerCertificateValidateEventArgs e)\n    {\n        const SslPolicyErrors ignoredErrors =\n            \/\/ self-signed\n            SslPolicyErrors.RemoteCertificateChainErrors\n            \/\/ name mismatch\n            |  SslPolicyErrors.RemoteCertificateNameMismatch;  \n\n        string nameOnCertificate = e.Certificate.Subject;\n\n        if ((e.SslPolicyErrors &amp; ~ignoredErrors) \n            == SslPolicyErrors.None)\n        {\n            e.IsValid = true;\n            return;\n        }\n        e.IsValid = false;\n    }\n} ;\n<\/pre><\/div>\n\n\n<h2 class=\"wp-block-heading\">Visual Basic .NET code<\/h2>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: vb; title: ; notranslate\" title=\"\">\nImports System.Net.Security\nImports System\nImports Limilabs.Mail\nImports Limilabs.Client.IMAP\n\nPublic Module Module1\n\n  Public Sub Main(ByVal args As String())\n    Using client As New Imap()\n      ' Use custom certificate validation:\n      AddHandler client.ServerCertificateValidate, AddressOf Validate\n\n      client.ConnectSSL(\"server.example.com\")\n      client.UseBestLogin(\"user\", \"password\")\n\n      For Each uid As Long In client.GetAll()\n        Dim email As IMail = New MailBuilder().CreateFromEml( _\n          client.GetMessageByUID(uid))\n\n        Console.WriteLine(\"subject: {0}\", email.Subject)\n      Next\n\n      client.Close()\n    End Using\n  End Sub\n\n  Private Sub Validate( _\n     ByVal sender As Object, _\n     ByVal e As ServerCertificateValidateEventArgs)\n\n     Const ignoredErrors As SslPolicyErrors = _\n          ' self-signed\n          SslPolicyErrors.RemoteCertificateChainErrors _\n          ' name mismatch\n          Or SslPolicyErrors.RemoteCertificateNameMismatch        \n\n     Dim nameOnCertificate As String = e.Certificate.Subject\n\n      If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then\n         e.IsValid = True\n         Return\n      End If\n      e.IsValid = False\n  End Sub\n\nEnd Module\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>If you get &#8220;The remote certificate is invalid according to the validation procedure&#8221; exception while trying to establish SSL\/TLS connection using Mail.dll SMTP, POP3 and IMAP .NET component, most likely your server certificate is self-signed or you are using incorrect host name to connect. Incorrect host name Host name must match the name on certificate: [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[15,28,42,50,53,83,57],"class_list":["post-1295","post","type-post","status-publish","format-standard","hentry","category-mail-dll","tag-c","tag-imap","tag-pop3","tag-smtp","tag-ssl","tag-tls","tag-vb-net"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/1295"}],"collection":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/comments?post=1295"}],"version-history":[{"count":13,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/1295\/revisions"}],"predecessor-version":[{"id":6529,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/posts\/1295\/revisions\/6529"}],"wp:attachment":[{"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/media?parent=1295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/categories?post=1295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.limilabs.com\/blog\/wp-json\/wp\/v2\/tags?post=1295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}