Friday, July 06, 2018

Certificates: The remote certificate is invalid according to the validation procedure

I see this error a lot. It is generally raised on the client side by the .NET Framework when it validates the server's certificate.

The root cause is usually one of the following:
  • Your server certificate is self-signed
  • You are using an incorrect host name to connect
  • Your certificate is not trusted
The host name must match the subject name on the certificate. For example, company.com and orders.company.com may both point to the same site, but if the certificate was issued to company.com, that is the name you need to use to reach the web site. Otherwise, add the other names to the certificate's Subject Alternative Name (SAN).

If the certificate is not trusted, you can add it to the "Trusted Root Certification Authorities" store, but be mindful of the security implications of trusting it.

I find it useful to log why .NET doesn't like it.

Just in case that article disappears, I've saved the config here.

Key info:
  • The Network Service account must be able to write to this log, so give the account access to the directory.
  • Change the log location, e.g. initializeData="c:\Logs\Trace.log"


Now assume that company.com is not in DNS and you only have an IP address, e.g. 124.40.60.80.

Now the URL is 124.40.60.80 but the certificate subject name is company.com. Bingo. You get the error.

The solution is to create a hosts file entry that maps the IP address to the name:

124.40.60.80 company.com

Now you can browse to company.com and the name will match.
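A code-side way to capture the reason for the failure, added here as an example and not the original post's trace config or any project's code: an HttpClient validation callback that logs the SslPolicyErrors and chain status for the cases above, including the name mismatch from the IP-address scenario, without ever bypassing validation. The URL is an assumption for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

static class CertDiagnostics
{
    // Validation callback that explains a failure instead of hiding it. It returns
    // true only when .NET found no policy errors, so validation is never bypassed.
    public static bool LogAndValidate(HttpRequestMessage request, X509Certificate2 cert,
                                      X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        Console.WriteLine($"Certificate for {request.RequestUri.Host} rejected: {errors}");
        Console.WriteLine($"  Subject : {cert?.Subject}");
        Console.WriteLine($"  Issuer  : {cert?.Issuer}");
        // First DNS name from the SAN (or the CN). If the host in the URL is not in the
        // certificate, errors contains RemoteCertificateNameMismatch (the hosts-file case).
        Console.WriteLine($"  DNS name: {cert?.GetNameInfo(X509NameType.DnsName, false)}");

        // RemoteCertificateChainErrors: a self-signed or untrusted root shows up here
        // as chain status such as UntrustedRoot or PartialChain.
        if (chain != null)
            foreach (var s in chain.ChainStatus)
                Console.WriteLine($"  Chain   : {s.Status} - {s.StatusInformation.Trim()}");

        return false; // keep the failure; fix the certificate or the host name instead
    }

    public static async Task Main()
    {
        var handler = new HttpClientHandler { ServerCertificateCustomValidationCallback = LogAndValidate };
        using var client = new HttpClient(handler);
        try
        {
            // Assumed URL for illustration only.
            var response = await client.GetAsync("https://orders.company.com/");
            Console.WriteLine($"HTTP {(int)response.StatusCode}");
        }
        catch (HttpRequestException ex)
        {
            Console.WriteLine($"Request failed: {ex.Message}");
        }
    }
}
```

Run it against the site that fails, and the log tells you which of the three causes you are dealing with before you touch the hosts file or the trusted root store.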

Enjoy!
