The remote certificate is invalid according to the validation procedure

+2 votes

I have downloaded the sample component but when I try to connect to my own mailserver I get this error (The remote certificate is invalid according to the validation procedure).
When I use Thunderbird with the same parameters the mail is retrieved effortlesly.

When Googling I find a lot of advice to disable checking the remote certificate, but even that I can't get to work.

If I use imap.Connect(hostname) I get the error on logging in, if I use imap.ConnectSSL(hostname) I get the error on connecting.

Thanks in advance!

by
retagged by

1 Answer

0 votes

There are two most likely reasons of this error:

  1. Incorrect host name: host name must match the name on certificate.
    For example imap.example.com and example.com may point to the same server, but certificate is issued only to imap.example.com and this is the address you should use).

  2. Your server is using self-signed certificate

You can accept self-signed certificates using Mail.dll. You need to subscribe to ServerCertificateValidate event:

client.ServerCertificateValidate += 
    (sender, e) => { e.IsValid = true; };
client.ConnectSSL("server.example.com");

More correct approach is not to accept any certificate blindly, but allow only certain certificates and certain error types:

using (Imap client = new Imap())
{
    client.ServerCertificateValidate +=
        new ServerCertificateValidateEventHandler(Validate);

    client.ConnectSSL("server.example.com");
    client.UseBestLogin("user@example.com", "password");

    // IMAP access code goes here.

    client.Close();
}


private static void Validate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    const SslPolicyErrors ignoredErrors =
        // self-signed
        SslPolicyErrors.RemoteCertificateChainErrors
        // name mismatch
        | SslPolicyErrors.RemoteCertificateNameMismatch;  

    string nameOnCertificate = e.Certificate.Subject;

    if ((e.SslPolicyErrors & ~ignoredErrors) == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}

You can find details here:
https://www.limilabs.com/blog/the-remote-certificate-is-invalid-according-to-the-validation-procedure

by (297k points)
...