Hello,
we have a problem at one of our clients running Windows 2003 Small Business Server; our Windows service is running under the Local System account.
I've searched this forum and found code you posted to instruct the Rebex components to accept all certificates, then save the certificate and do the chain validation using the X509Certificate2 class.
This is the code I've used:
```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Rebex.Net;
using Rebex.Security.Certificates;

class TestCertificadoEmail
{
    static void Main( string[] args )
    {
        if ( args.Length != 4 )
        {
            Console.WriteLine( "Uso: TestCertificadoEmail <smtp|pop3> <host> <port> <implicit|explicit>" );
            return;
        }
        try
        {
            CertificateChain certChain = null;
            if ( args[0] == "smtp" )
            {
                // 1. Use Rebex SMTP to download the server certificate chain
                Smtp client = new Smtp();
                client.Settings.SslAcceptAllCertificates = true;
                client.Connect( args[1], Convert.ToInt32( args[2] ), args[3] == "implicit" ? SslMode.Implicit : SslMode.Explicit );
                certChain = client.TlsSocket.ServerCertificate;
            }
            else if ( args[0] == "pop3" )
            {
                // Same download step over POP3
                Pop3 client = new Pop3();
                client.Settings.SslAcceptAllCertificates = true;
                client.Connect( args[1], Convert.ToInt32( args[2] ), args[3] == "implicit" ? SslMode.Implicit : SslMode.Explicit );
                certChain = client.TlsSocket.ServerCertificate;
            }
            else
            {
                Console.WriteLine( "Protocolo no soportado" );
                return;
            }
            foreach ( Certificate rebexCert in certChain )
            {
                Console.WriteLine( rebexCert.GetCommonName() );
                // Write each certificate of the chain to a file, then reload it as a .NET certificate
                rebexCert.Save( "cert.der", CertificateFormat.Base64Der );
                // 2. Validate the certificate (from the file) without using any Rebex code
                X509Certificate2 cert = new X509Certificate2( "cert.der" );
                X509ChainPolicy policy = new X509ChainPolicy();
                policy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
                policy.RevocationMode = X509RevocationMode.Online;
                X509Chain chain = new X509Chain( false );
                try
                {
                    chain.ChainPolicy = policy;
                    bool valid = chain.Build( cert );
                    Console.WriteLine( "Is valid: {0}", valid );
                    // Print every status flag Windows reported for this certificate
                    foreach ( X509ChainStatus s in chain.ChainStatus )
                    {
                        X509ChainStatusFlags flags = s.Status;
                        Console.WriteLine( "Status: {0}", flags );
                    }
                }
                finally
                {
                    chain.Reset();
                }
            }
            Console.ReadLine();
        }
        catch ( Exception ex )
        {
            Console.WriteLine( ex.Message );
            Console.WriteLine( ex.StackTrace );
        }
    }
}
```
And this is the result I get when I connect from this machine to pop.gmail.com port 995.
pop.gmail.com
Is valid: False
Status: NotSignatureValid
Status: RevocationStatusUnknown
Status: OfflineRevocation
Google Internet Authority G2
Is valid: False
Status: NotSignatureValid
Status: RevocationStatusUnknown
Status: OfflineRevocation
GeoTrust Global CA
Is valid: True
Of course this has something to do with this particular machine, because the same test run on my development machine says all the certificates are valid.
What can I do to solve this certificate problem?
Thanks.
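The post validates each certificate of the downloaded chain on its own, which makes it hard to tell a genuine trust failure from a revocation check that merely could not complete. The following is an added example, not code from the post or from Rebex: it validates the whole chain as one unit, hands the intermediates the server sent to the chain builder via ExtraStore, and reports per-element status flags while separating hard failures (such as NotSignatureValid or UntrustedRoot) from revocation-availability flags (RevocationStatusUnknown, OfflineRevocation). The `allowUnknownRevocation` parameter and the `Validate` method are my own names; it only assumes the certificates have already been converted to X509Certificate2 as in the post.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;
// Added example (not from the original post): validate a downloaded server chain
// as one unit and report which chain element carries which status flags.
public static class ChainCheck
{
    // Flags after which the chain must not be trusted, whatever the local policy.
    const X509ChainStatusFlags HardFailures =
        X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.NotTimeValid |
        X509ChainStatusFlags.UntrustedRoot | X509ChainStatusFlags.PartialChain |
        X509ChainStatusFlags.Revoked | X509ChainStatusFlags.InvalidBasicConstraints |
        X509ChainStatusFlags.NotValidForUsage | X509ChainStatusFlags.Cyclic;
    // Flags that only say the revocation check could not be completed.
    const X509ChainStatusFlags RevocationUnavailable =
        X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;
    // chainCerts[0] is the server certificate, the rest are the intermediates it sent.
    // allowUnknownRevocation says whether an unreachable CRL/OCSP source is tolerated.
    public static bool Validate(IList<X509Certificate2> chainCerts, bool allowUnknownRevocation, out string report)
    {
        X509Chain chain = new X509Chain(false);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        // Hand the builder the intermediates instead of relying on AIA fetching.
        for (int i = 1; i < chainCerts.Count; i++)
            chain.ChainPolicy.ExtraStore.Add(chainCerts[i]);
        try
        {
            chain.Build(chainCerts[0]);
            X509ChainStatusFlags combined = X509ChainStatusFlags.NoError;
            StringBuilder sb = new StringBuilder();
            foreach (X509ChainElement element in chain.ChainElements)
            {
                sb.Append(element.Certificate.GetNameInfo(X509NameType.SimpleName, false)).Append(':');
                foreach (X509ChainStatus s in element.ChainElementStatus)
                {
                    combined |= s.Status;          // accumulate across the whole chain
                    sb.Append(' ').Append(s.Status);
                }
                sb.AppendLine();
            }
            report = sb.ToString();
            if ((combined & HardFailures) != 0) return false;
            // Whatever remains is either NoError or purely revocation-availability flags.
            if ((combined & ~RevocationUnavailable) != X509ChainStatusFlags.NoError) return false;
            return combined == X509ChainStatusFlags.NoError || allowUnknownRevocation;
        }
        finally { chain.Reset(); }
    }
}
```

Pass the server certificate first and the intermediates after it, then print `report` to see which element of the chain carries NotSignatureValid versus only the revocation flags.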