How do I validate an SSL certificate from a Windows Phone application? I need to check for criteria like Certificate Issuer Name, Expiry date, Host name match, Certificate chain etc. programmatically from the app. Are these checks handled by the OS itself for trusted certificates? How can I do these validations for self-signed certificates?
2 Answers
If you need to perform complete validation of certificates including OCSP and CRL checks, you can do this using our SecureBlackbox product, which works on Windows Phone as well. A free CryptoBlackbox package is available.
You need to have some set of trusted root and CA certificates to perform validation (you can export them from some desktop browser and carry them with your application). As for self-signed certificates: PKI infrastructure is built on the concept of a hierarchy of certificates and CAs. Self-signed certificates are not reliable, and the only way to validate them is to compare their key and other parameters with some trusted certificate (i.e., each self-signed certificate must be previously known to the application).
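The checks the question lists (issuer name, expiry, host name match, chain) applied the way the answer above describes: a trust store shipped with the app for CA-issued certificates, and a comparison against an already-known public key for self-signed ones. This is an added example written against Go's standard library; it is not code from the answer, from SecureBlackbox, or from any Windows Phone API (which differs, though the logic carries over). Every certificate in it is constructed at run time, and the host names and CA name are assumed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Report records the outcome of each check the question asks about.
type Report struct {
	Issuer      string
	NotExpired  bool
	HostMatches bool
	ChainOK     bool
	Errors      []string
}

// Valid is true only when every check passed.
func (r Report) Valid() bool { return r.NotExpired && r.HostMatches && r.ChainOK }

// ValidateServerCert checks expiry, host name and the chain up to a root in `roots`,
// the trust store the application carries with it (as the answer suggests).
func ValidateServerCert(leaf *x509.Certificate, intermediates []*x509.Certificate,
	roots *x509.CertPool, host string, now time.Time) Report {
	r := Report{Issuer: leaf.Issuer.String()}
	// Expiry: `now` must lie inside the validity period.
	r.NotExpired = !now.Before(leaf.NotBefore) && !now.After(leaf.NotAfter)
	if !r.NotExpired {
		r.Errors = append(r.Errors, "validity: outside "+leaf.NotBefore.Format(time.RFC3339)+".."+leaf.NotAfter.Format(time.RFC3339))
	}
	// Host name: the name we connected to must match the SAN list (or the CN fallback).
	if err := leaf.VerifyHostname(host); err != nil {
		r.Errors = append(r.Errors, "host: "+err.Error())
	} else {
		r.HostMatches = true
	}
	// Chain: every signature from the leaf to a trusted root must verify and each CA must
	// be allowed to sign. Verify also re-checks the validity period at `now`.
	pool := x509.NewCertPool()
	for _, c := range intermediates {
		pool.AddCert(c)
	}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool, CurrentTime: now}); err != nil {
		r.Errors = append(r.Errors, "chain: "+err.Error())
	} else {
		r.ChainOK = true
	}
	return r
}

// SPKIPin is the hex SHA-256 of the certificate's SubjectPublicKeyInfo: the value an app
// stores for each self-signed certificate it has decided in advance to trust.
func SPKIPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// ValidateSelfSigned accepts a self-signed certificate only if its key is already known
// (pinned), its self-signature verifies, and the expiry and host checks pass.
func ValidateSelfSigned(c *x509.Certificate, pins map[string]bool, host string, now time.Time) error {
	if !pins[SPKIPin(c)] {
		return errors.New("public key is not in the app's pin list")
	}
	if err := c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature); err != nil {
		return fmt.Errorf("self-signature does not verify: %w", err)
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return errors.New("certificate expired or not yet valid")
	}
	return c.VerifyHostname(host)
}

// newCert issues a constructed test certificate; with parent == nil it is self-signed.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildFixture creates a private CA, a server certificate it issued, and an unrelated
// self-signed certificate. All of it is constructed data, valid for a year from `now`.
func BuildFixture(now time.Time) (ca, server, selfSigned *x509.Certificate, err error) {
	validity := func(serial int64, cn string) x509.Certificate {
		return x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(1, 0, 0)}
	}
	caTmpl := validity(1, "Example Private Root CA")
	caTmpl.IsCA, caTmpl.BasicConstraintsValid = true, true
	caTmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	ca, caKey, err := newCert(&caTmpl, nil, nil)
	if err != nil {
		return
	}
	srvTmpl := validity(2, "api.example.com")
	srvTmpl.DNSNames = []string{"api.example.com"}
	srvTmpl.KeyUsage, srvTmpl.ExtKeyUsage = x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	if server, _, err = newCert(&srvTmpl, ca, caKey); err != nil {
		return
	}
	ssTmpl := validity(3, "dev.example.com")
	ssTmpl.DNSNames = []string{"dev.example.com"}
	selfSigned, _, err = newCert(&ssTmpl, nil, nil)
	return
}

func main() {
	now := time.Now()
	ca, server, ss, err := BuildFixture(now)
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool() // the trust store shipped with the app
	roots.AddCert(ca)
	fmt.Printf("CA-issued: %+v\n", ValidateServerCert(server, nil, roots, "api.example.com", now))
	fmt.Printf("self-signed vs. store: %+v\n", ValidateServerCert(ss, nil, roots, "dev.example.com", now))
	fmt.Println("self-signed vs. pin:", ValidateSelfSigned(ss, map[string]bool{SPKIPin(ss): true}, "dev.example.com", now))
}
```

The self-signed certificate fails the chain check against the shipped trust store, exactly as the answer says it must; it is only accepted by `ValidateSelfSigned`, and only because its SubjectPublicKeyInfo hash was pinned beforehand. Pinning the key rather than the whole certificate lets the server renew the certificate without an app update, as long as it keeps the same key.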
The details of certificates are saved within the browser's database, which needs frequent updates from time to time if an update is possible. Security certificates from popular providers such as VeriSign are easily detected.
I would recommend using third-party trusted browsers instead of the default browser.