How to ignore SSL validation errors in an HttpClient in C#?
SSL certificates - some days they'll give your end users that false sense of security that only a beautiful green lock icon can bring, and some other days they'll throw you in a world of pain because one randomly expired and hence the API you use to update your certificates is now inaccessible.
For these unfortunate and undesirable situations (and of course local dev, CI jobs, or test services with self‑signed certs) you may need HttpClient to look the other way for a short while - just long enough for you to do whatever you had to with whatever fake ACME certificate you happened to have lying around.
In this article, I'll show a minimal, .NET (Core)‑compatible way to do that.
Background
Note that most of the time this should be thought of as a development/test convenience, not a production pattern. Silently accepting any certificate defeats the whole point of TLS and exposes you to man‑in‑the‑middle attacks.
Prefer adding the cert to the trust store, using a proper CA, or configuring your environment to use a valid certificate. Use the ignore‑validation approach only behind a firewall, with feature flags, or in ephemeral test runs.
Below you'll find a minimal, .NET Core/.NET‑compatible handler-based solution (ServicePointManager tricks are for .NET Framework only), plus the slightly more concise built‑in delegate option. The Background and Solution sections explain why and how it works, and point to safer alternatives.
Solution
I first tried to achieve this with GitHub Copilot, with 2 different comments, and it ended up suggesting 4 different solutions, each using ServicePointManager - which surely works for .NET Framework, but does NOT work for .NET Core/.NET Standard anymore.
I then proceeded to Google, I mean Bing, ferociously, and very quickly came up with this:
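    // Requires: using System.Net.Http;
    var handler = new HttpClientHandler();

    // Only relax validation when the setting explicitly asks for it.
    if (SettingsCache.Settings.IgnoreSslErrors)
    {
        handler.ServerCertificateCustomValidationCallback =
            (httpRequestMessage, cert, certChain, policyErrors) =>
            {
                // Accepts every certificate, whatever policyErrors reports.
                return true;
            };
    }

    _httpClient = new HttpClient(handler);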
(Also, it works)
Or if you like funny, built-in delegate names, you can also do this instead:
    handler.ServerCertificateCustomValidationCallback =
        HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
And there you go.
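A narrower variant of the same callback, as an added example rather than code from the original article: instead of returning true for everything, it accepts a failing certificate only for one test host and only when its SHA-256 thumbprint matches a pinned value. The class name, host name and thumbprint placeholder are assumptions to replace with your own values.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedTestClient
{
    // Hypothetical values: the one host allowed to bypass normal validation,
    // and the SHA-256 thumbprint (hex) of its self-signed certificate.
    private const string TestHost = "test-api.internal.example";
    private const string PinnedSha256 = "<SHA256-THUMBPRINT-OF-YOUR-TEST-CERT>";

    public static bool Validate(HttpRequestMessage request, X509Certificate2? cert,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        // A certificate that validates normally needs no exception.
        if (errors == SslPolicyErrors.None) return true;
        if (cert is null || request.RequestUri is null) return false;

        // Never relax validation for any host other than the test service.
        if (!string.Equals(request.RequestUri.Host, TestHost,
                           StringComparison.OrdinalIgnoreCase)) return false;

        // Accept the failing certificate only if it is exactly the pinned one.
        string actual = cert.GetCertHashString(HashAlgorithmName.SHA256);
        return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    public static HttpClient Create(bool ignoreSslErrors)
    {
        var handler = new HttpClientHandler();
        if (ignoreSslErrors)
        {
            // Same opt-in switch as above, but scoped to one host and one cert.
            handler.ServerCertificateCustomValidationCallback = Validate;
        }
        return new HttpClient(handler);
    }
}
```

With this callback an expired or self-signed certificate on the test host still works, while any other certificate presented for that host, or any validation failure on another host, is rejected.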