untrusted and selfsigned certificate to WCF client (Android, 8.1)? #5706

Open
svetislavvuksanovic opened this issue Dec 5, 2024 · 1 comment

Comments

@svetislavvuksanovic

Hi,
I'm having a hard time setting an untrusted self-signed certificate on a WCF client on Android; on call there is a null exception in HTTPSChannelFactory (SetCertificate, list is not accepting null, certificate probably = null); the certificate is set to the store and retrieved ok; the cert is set on the channel factory ok; is chain.build validation (X509CertificateValidator) maybe stripping my cert? Any chance to avoid validation? The ITrustManager implementation is not getting anything to work with, so the problem is before that; I suppose that the same problem is present on the server side of things; thanks!

@mconnew
Member

mconnew commented Dec 5, 2024

When you use SetCertificate, it uses X509Store to look for the certificate installed in the cert store. I don't know how that functionality works on Android, e.g. how StoreLocation and StoreName map to how Android handles certificates. If you have the X509Certificate instance already, then just set it directly on ClientCredentials.ClientCertificate.Certificate. The certificate is set on the HttpClientHandler instance.

The X509CertificateValidator is used to validate the certificate that the server is using. There's a frustrating security feature on Android where it rejects self-signed certificates from services. They must be signed by a trusted root certificate, and now you can't install your own root certificates if targeting a recent Android API version. So if you are talking about your service certificate being self-signed, the underlying native Android implementation of HttpClientHandler won't even call a certificate validator if it doesn't pass the chain build with a valid root certificate that it does itself. It will just fail the request and there's nothing you can do about it.
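
Setting the client certificate directly on the channel factory, as suggested in the reply above, shown as an added example that is not code from this thread or from the WCF project. The `IEchoService` contract, the PFX input and the service URL are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical service contract, used only for this example.
[ServiceContract]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public static class ClientCertificateExample
{
    // pfxBytes / pfxPassword: a PKCS#12 bundle the app already holds (assumption),
    // for example read from app-private storage. serviceUrl is a placeholder.
    public static ChannelFactory<IEchoService> CreateFactory(
        byte[] pfxBytes, string pfxPassword, string serviceUrl)
    {
        // On .NET 9 and later, X509CertificateLoader.LoadPkcs12 replaces this constructor.
        var cert = new X509Certificate2(pfxBytes, pfxPassword);

        // TLS client authentication needs the private key, not just the public
        // certificate. Fail early with a clear message instead of at call time.
        if (!cert.HasPrivateKey)
        {
            throw new InvalidOperationException(
                "Client certificate was loaded without its private key.");
        }

        // Transport security with certificate-based client authentication.
        var binding = new BasicHttpsBinding(BasicHttpsSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType =
            HttpClientCredentialType.Certificate;

        var factory = new ChannelFactory<IEchoService>(
            binding, new EndpointAddress(serviceUrl));

        // Direct assignment instead of ClientCertificate.SetCertificate(...),
        // so no X509Store lookup (StoreLocation / StoreName) is involved.
        factory.Credentials.ClientCertificate.Certificate = cert;
        return factory;
    }
}
```

This covers only the client certificate. Validation of the service certificate is still performed by the platform handler as described in the reply.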
