Self signed certificate error- Aspose Network IMAP

rmonteux · February 4, 2009, 10:19am

Hi,

Im trying to connect to an Imap server using VB.Net and Aspose Network -

Just the server uses a self signed certificate, and the application is throwing an error as below:

*****
C:\Documents and Settings\domu\Dokumenty\Visual Studio 2008\Projects\MailChecker
\MailChecker\bin\Release>MailChecker.exe
Server's certificate was rejected by the verifier because of an unknown certificate authority.
*****

The code of the application is as below :

*****
        Dim imap As New Aspose.Network.Imap.ImapClient("email.fluid-rock.com", 993, myusername, mypassword)

        imap.EnableSsl = True

        imap.SecurityMode = Aspose.Network.Imap.ImapSslSecurityMode.Implicit

        Try

            imap.Connect(True)

            imap.SelectFolder(ImapFolderInfo.InBox) 
******


I read all documentation and I honestly dont know how to make Aspose ignore a self signed certificate, accept it and go ahead to do its job.

Any ideas to enlighten me please ?




Cheers,
 
 
Rove.

saqib.razzaq · February 6, 2009, 10:37am

Hi Rove,

Thanks for considering Aspose.

Could you please share how you created the self signed certificate and which IMAP server are you using?

I did some tests on a trial version of MDaemon mail server, created a self signed certificate using its own built in functions and run the same code as yours. It got connected successfully and I was able to read the messages using Aspose.Network.

saqib.razzaq · February 9, 2009, 9:30am

Please check the attached hotfix. If the certificate is signed by un-authorized authority e.g. self-signed certificate, it will ignore and connect to the Imap server.

I was actually able to repro this behavior by creating a self-signing certificate using another method.

rmonteux · February 10, 2009, 5:04am

Hi Saqib,

Sorry for thye delay in the reply, I was very busy at work and did not have a chance to reply earlier.

Thanks a million for that.

As a suggestion, the mechanism should be something similar to

imap.IgnoreCertificateError = True

For security, in some scenarios, you might need to Catch an exception if the certificate is not valid or does not match your stored certificate, to make sure neither DNS or Server have been tampered with and there is no man-in-the-middle.

Similar to the key/certificate mechanism in SSH.

Thanks million again,

Rove.

saqib.razzaq · February 10, 2009, 5:58am

Hi Rove,

Thanks for the suggestion.

We will consider handling this scenario in future releases by adding some Unknown certificate authority checks for security purposes. The idea is to accept private certificates, if you explicitly allow them by setting a property like AllowUnKnownCA or so…