Arnout's Eclectica

But I digress…

Making HttpWebRequest work while having Fiddler decrypt SSL

Just a quick reminder to myself, so that I can forget about it...

Fiddler can act as a man-in-the-middle and decrypt SSL traffic, but then System.Net.Security rightfully complains about an invalid remote certificate ("The remote certificate is invalid according to the validation procedure."). This results in a System.Net.WebException "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.".

To prevent this from happening:

ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

Just be sure to not include this in production code :-)


  1. ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

    What do I replace ‘true’ with? My application wants to connect, but I get the error:

    “The remote server returned an error: (401) Unauthorized.”

    Comment by TheDirtyBird — 28 August 2008 @ 15:42

  2. The only thing this line of code does, is accepting certificates regardless of their validity.

    If you get a 401 response, this means that you need to provide credentials — that’s not affected by the ServerCertificateValidationCallback. What happens if you go to that URL using a browser?

    Comment by Arnout — 28 August 2008 @ 15:55

RSS feed for comments on this post. TrackBack URI

Sorry, the comment form is closed at this time.

Copyright © 2006-2009 Arnout Grootveld — Powered by WordPress — Hosted at pair Networks