PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
.NET Program Failed with CA Certificates Deleted
This section provides a tutorial example on testing a .NET program's HTTPS communication with the root CA certificates deleted. This time the .NET program fails.
After disabling both root CA certificates, my .NET test program still works on https://login.yahoo.com. My last test is to delete both root CA certificates from the trusted certificate store.
1. Delete the first root CA certificate, "DigiCert High Assurance EV Root CA", from the trusted certificate store, using the certificate console.
2. Delete the second root CA certificate, "GTE CyberTrust Global Root", from the trusted certificate store, using the certificate console.
3. Run the .NET test program again:
C:\herong>WebReader.exe https://login.yahoo.com
This time, an error message shows up: "Visual Studio Just-In-Time Debugger - An unhandled win32 exception occurred in WebReader.exe [3452]. Just-In-Time debugging this exception failed with the following error: No installed debugger has Just-In-Time debugging enabled. In Visual Studio, Just-In-Time debugging can be enabled from Tools/Options/Debugging/Just-In-Time. Check the documentation index for 'Just-in-time debugging, errors' for more information."
I am very happy to see the error message. This proves that the .NET program does verify the server certificate. This also proves that the .NET program does use the trusted certificate store for root CA certificates. But this also proves that the .NET program does not respect the "Disabled" flag on root CA certificates.
But why does .NET give such a useless error message? Read the next section for answers.
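The same failure can be observed without the Just-In-Time Debugger dialog. The following C# program is an added example, not the tutorial's WebReader source; the class name CertCheckReader is hypothetical. It logs the certificate chain .NET built and the reasons it reported, and it leaves the validation verdict unchanged.

```csharp
// Added example (hypothetical CertCheckReader), not the tutorial's WebReader source.
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class CertCheckReader
{
    // Logs what .NET decided about the server certificate; never overrides the verdict.
    static bool LogValidation(object sender, X509Certificate cert,
                              X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Server certificate: " + (cert == null ? "(none)" : cert.Subject));
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null)
        {
            foreach (X509ChainElement e in chain.ChainElements)
                Console.WriteLine("  chain element: " + e.Certificate.Subject);
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  chain status: " + s.Status + " - " + s.StatusInformation.Trim());
        }
        return errors == SslPolicyErrors.None; // accept only what .NET already accepted
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: CertCheckReader <https-url>");
            return 2;
        }
        ServicePointManager.ServerCertificateValidationCallback = LogValidation;
        try
        {
            WebRequest request = WebRequest.Create(args[0]);
            using (WebResponse response = request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                Console.WriteLine("Read " + reader.ReadToEnd().Length + " characters.");
            return 0;
        }
        catch (WebException ex)
        {
            // A rejected server certificate surfaces as WebExceptionStatus.TrustFailure.
            Console.Error.WriteLine("Request failed: " + ex.Status + " - " + ex.Message);
            return 1;
        }
    }
}
```

Run it before and after deleting the root CA certificates and compare the logged chain elements and chain status lines.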
Last update: 2011.