Friday, July 06, 2018

Certificates : The remote certificate is invalid according to the validation procedure

I see this error so many times. It is generally on the client side as part of the .NET framework.

The root cause of this is:
  • Your server certificate is self-signed
  • You are using an incorrect host name to connect
  • Your certificate is not trusted
The host name must match the subject name on the certificate e.g. and both point to the same URL but the certificate has been issued to So that is the name you need to use to get to the web site. Or else you can add the other names to the SAN.

If the certificate is not trusted, you can add it to the "Trusted Root Certification Authorities". But be mindful of security.

I find it useful to log why .NET doesn't like it.

Just in case that article disappears, I've saved the config here.

Key info:

The Network Service account must be able to write to this log so give the account access to the directory. 

Change the log location.

e.g. initializeData="c:\Logs\Trace.log"

Now assume that is not in the DNS and you have an IP address e.g.

Now the URL is but the certificate subject name is Bingo. You get the error.

The solution is to create a host file entry.

Now you can browse to and the name will match.


No comments: