Certificate authentication with a self-signed certificate

Question

I have a client application (windows service) which sends a request (WebClient.UploadString()) to a web service. I've created a certificate through IIS. This I attach to the WebClient before sending the request. However, I get the following message:

The remote certificate is invalid according to the validation procedure.

I believe this is referring to the server having an invalid certificate, but I am unsure of the best way to make the client trust the server. Eventaully, this web service will be installed on a number of servers as will the windows service so I can't attach the certificate to a single computer. Any ideas?

Answer 1

I don't know your exact situation/setup, but here is some general info on using self-signed certificates.

If you want to use a self-signed certificate you will need to add that certificate to the server's trusted root certificate store.

Basically the server does not trust the certificate used to sign your certificate, which is the certificate itself since it is self-signed.

As an alternative, you can create your own root certificate and add it to the server's trusted root, then use that to sign additional client certificates. This will make it easier because you won't have to install each client certificate on the server, just the root one used to do the signing.

Of course, you can always buy a certificate from a company (GoDaddy, Verisign, etc). These will be signed by a certificate that is already trusted.

Also, there might be ways to bypass the checking, but you probably don't want to do that.