Validate SSL (HTTPS) certificate
Before reading this article, we recommend that you familiarize yourself with the general principles of certificate validation described here.
When connecting to an SSL endpoint, you must validate the server certificate. All security offered by the SSL/TLS protocol is compromised if the certificate is not validated properly and its trust level is not established.
All SSL-capable SecureBlackbox components return server certificates via their OnCertificateValidate event, in which you are expected to return the validation result. A TLS server will often send a chain of certificates, each of which is reported by a separate OnCertificateValidate invocation.
If you use the TElX509CertificateValidator component to validate SSL/TLS certificates (we highly recommend that you do so), all intermediate CA and root certificates are validated anyway as part of the general chain validation procedure. Therefore, you may ignore all OnCertificateValidate invocations except the one reporting the server endpoint certificate. A typical OnCertificateValidate event handler looks like this:
private void SecureClient_OnCertificateValidate(object Sender, SBX509.TElX509Certificate Certificate, ref TSBCertificateValidity Validity, ref int Reason)
{
    // Fail closed: anything not explicitly validated below is treated as invalid
    Validity = TSBCertificateValidity.cvInvalid;
    Reason = 0;

    // Only the server endpoint certificate (no chain, or the first element of the chain) is validated here;
    // ValidateForSSL walks the intermediate and root certificates itself
    if ((Certificate.Chain == null) || (Certificate.Chain.get_Certificates(0) == Certificate))
    {
        CertificateValidator.ValidateForSSL(Certificate,
            SecureClient.RemoteHost,   // server address
            SecureClient.RemoteIP,     // server IP
            TSBHostRole.hrServer,
            null,                      // no additional certificates
            true,                      // validating the whole chain
            DateTime.UtcNow,           // validating it now
            ref Validity,
            ref Reason
        );
    }
    else
    {
        Validity = TSBCertificateValidity.cvOk; // skipping any intermediate and root certificates
    }
}
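The same handler with fail-closed error handling and diagnostic output, as an added example that is not from the SecureBlackbox documentation. It assumes the same SecureClient and CertificateValidator fields as the handler above; the IsEndpointCertificate and Log helpers are hypothetical names introduced here.

```csharp
// Added example, not from the SecureBlackbox documentation. Assumes the SecureClient and
// CertificateValidator fields used above; IsEndpointCertificate and Log are hypothetical helpers.
private bool IsEndpointCertificate(SBX509.TElX509Certificate Certificate)
{
    // The endpoint certificate arrives either without a chain or as the first element of it;
    // every other invocation reports an intermediate or root CA that ValidateForSSL covers itself
    return (Certificate.Chain == null) || (Certificate.Chain.get_Certificates(0) == Certificate);
}

private void Log(string message)
{
    Console.Error.WriteLine(message);
}

private void SecureClient_OnCertificateValidate(object Sender, SBX509.TElX509Certificate Certificate, ref TSBCertificateValidity Validity, ref int Reason)
{
    Validity = TSBCertificateValidity.cvInvalid; // fail closed
    Reason = 0;

    if (!IsEndpointCertificate(Certificate))
    {
        Validity = TSBCertificateValidity.cvOk; // CA certificates are checked during chain validation
        return;
    }

    try
    {
        CertificateValidator.ValidateForSSL(Certificate,
            SecureClient.RemoteHost, SecureClient.RemoteIP, TSBHostRole.hrServer,
            null, true, DateTime.UtcNow, ref Validity, ref Reason);
    }
    catch (Exception ex)
    {
        // A revocation lookup or storage error must not turn into an accepted connection
        Validity = TSBCertificateValidity.cvInvalid;
        Log("Certificate validation raised an exception: " + ex.Message);
    }

    // Reason is a bitmask explaining why the validator rejected the certificate; keep it for diagnostics
    if (Validity != TSBCertificateValidity.cvOk)
    {
        Log("Rejected certificate for " + SecureClient.RemoteHost +
            ": validity=" + Validity + ", reason=0x" + Reason.ToString("X"));
    }
}
```

Because Validity starts as cvInvalid and is only raised to cvOk by the validator itself, any path that skips or aborts validation leaves the connection rejected.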