Reputation: 159
Recently I've obtained a certificate signed by a trusted CA from LetsEncrypt. As you know, this is an intermediate CA that submits the certificates to DST Root CA X3.
I have set up the certificate for four different URLs; this is just an example:
Subject: CN=domain.com
SubjectAltName (SAN): www.domain.com,domain.com,www.subdomain.com,subdomain.com
Well, when I try to connect to https://www.subdomain.com/index, it throws an exception telling me "Invalid certificate received from server".
I know that I'm not mistaken, since I can visit my subdomain from any computer and conventional browser. I'm very familiar with the TLS handshake and PKI standards, and the X509v3 RFCs state that all certificates should be validated against the SAN (SubjectAltName) field if it is not empty; if it is empty, use the CN, but that is considered deprecated.
So what's happening here? Is WebRequest/HttpWebRequest not validating certificates in the proper way (as the RFC states)? Well, I hope so, they are ignoring the SAN extension.
I'm using the latest MonoDevelop in Fedora 23 x64, if that helps. And yes, again, my certificate is legit and valid 100%.
Kind regards!
Upvotes: 2
Views: 691
Reputation: 159
Solved! As far as I can see, Mono's certificate store didn't contain any certificates, not even Google's, so I ran the following command to add the Root CA of LetsEncrypt:
sudo certmgr -ssl linktohttpsdomain
certmgr -ssl linktohttpsdomain
where linktohttpsdomain is your subdomain via https (sorry, Stack Overflow still doesn't allow me to post more than 2 links per post).
Also, there's another way. You can add Mozilla's root certificates from its DB by running the following command:
mozroots --import --sync
The following output will appear:
Importing certificates into user store...
140 new root certificates were added to your trust store.
Import process completed.
Upvotes: 2
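To tell the two causes discussed in this thread apart (a host name not covered by the SAN/CN versus a chain that cannot be built from the local trust store), the validation result can be logged without weakening it. This is an added example, not code from the original posts; the class name `TlsDiag` and the helper `Describe` are hypothetical, and the default URL is the placeholder from the question.

```csharp
// Added diagnostic example; not code from the original posts.
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsDiag
{
    // Turns the validation result into a human-readable diagnosis.
    public static string Describe(SslPolicyErrors errors, X509Chain chain)
    {
        if (errors == SslPolicyErrors.None)
            return "OK: chain trusted and host name matched";

        var msg = new System.Text.StringBuilder();
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            msg.AppendLine("Name mismatch: host not covered by SAN/CN");
        if ((errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            msg.AppendLine("Server sent no certificate");
        if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
        {
            msg.AppendLine("Chain error (check the trust store):");
            if (chain != null)  // may be null on some runtimes
                foreach (X509ChainStatus s in chain.ChainStatus)
                    msg.AppendLine("  " + s.Status + ": " + s.StatusInformation);
        }
        return msg.ToString();
    }

    static void Main(string[] args)
    {
        // Placeholder URL from the question; pass your own as args[0].
        string url = args.Length > 0 ? args[0] : "https://www.subdomain.com/index";

        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) =>
            {
                Console.Error.WriteLine(Describe(errors, chain));
                // Keep the runtime's verdict: never return true on errors.
                return errors == SslPolicyErrors.None;
            };

        try
        {
            using (var resp = (HttpWebResponse)WebRequest.Create(url).GetResponse())
                Console.WriteLine("HTTP " + (int)resp.StatusCode);
        }
        catch (WebException e)
        {
            Console.Error.WriteLine("Request failed: " + e.Message);
        }
    }
}
```

A chain error with no name mismatch points at the trust store rather than at SAN handling, which is the case the `certmgr` and `mozroots` commands above address.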