Hi, in my opinion this should not be possible.
What is a certificate? Some kind of identification. The only way to identify a server is its DNS name. So the DNS name and the server name in the certificate have to match!

It's just like showing your passport to a police officer and catching the "wrong passport" exception.... ;-)

greetings
dominick

-----Original Message-----
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On behalf of Thomas Have
Sent: Tuesday, 21 May 2002 09:22
To: [EMAIL PROTECTED]
Subject: [DOTNET] Tweaking SSL remoting

Hello.

We have a number of Server-side objects hosted in IIS. From the Client-side we access them by registering an HttpClientChannel and then use Activator.GetObject( ObjectType, uri ). 'uri' starts ordinarily with 'http'. To use SSL we install a server certificate and basically let the uri start with 'https'. This works fine!

But...

* If I issue a certificate to my server ('foo'), using my own StandAlone CA and then point my browser (IE6.0) to 'https://localhost/Test' IE warns that the server names 'foo' and 'localhost' are different, but 'recommends' (judging from what button is the default in the pop-up window) that I accept the certificate anyway. My client app runs smoothly without raising an exception or similar.

Conversely, if I remove my standalone CA from the list of Trusted Root CAs and connect to 'https:localhost/test' IE warns that the certificate is from an untrusted CA and 'recommends' that I don't accept the server certificate; in this case the client app's remoting attempt raises an exception.

Now, is it possible to control these 'levels of trust', i.e. perhaps I'd like our client app to catch the situation where the server names disagree?

Regards and TIA
ThomasH

You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
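
An added example, not code from either poster: one way a .NET client can treat a certificate name mismatch as a distinct, fatal error, using ServicePointManager.ServerCertificateValidationCallback (introduced in .NET Framework 2.0, so later than the framework current when this thread was written). The class name StrictTlsPolicy is hypothetical, the URL is the one from the question, and the example assumes the client's HTTPS requests go through HttpWebRequest so that the process-wide callback applies to them.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class (the name is an assumption, not part of .NET).
static class StrictTlsPolicy
{
    // Install once at start-up, before the first HTTPS request is made.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    // Accept the connection only when the platform reported no problem at all.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        string subject = certificate != null ? certificate.Subject : "<none>";
        // Name in the certificate differs from the host name that was requested.
        if ((errors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            Console.Error.WriteLine("TLS rejected: subject '{0}' does not match the requested host.", subject);
        // Chain does not end in a trusted root CA (or is otherwise invalid).
        if ((errors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            Console.Error.WriteLine("TLS rejected: certificate chain is not trusted.");
        if ((errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            Console.Error.WriteLine("TLS rejected: server presented no certificate.");
        return false;
    }
}

static class Program
{
    static void Main()
    {
        StrictTlsPolicy.Install();
        try
        {
            // URL from the question: certificate issued to 'foo', reached as 'localhost'.
            WebRequest.Create("https://localhost/Test").GetResponse().Close();
        }
        catch (WebException ex)
        {
            // A rejected certificate surfaces to the caller as a WebException.
            Console.Error.WriteLine("Request failed: " + ex.Status);
        }
    }
}
```

Returning false for every non-empty error set keeps the name check and the trusted-root check both mandatory; the separate flags only let the application log which of the two failed.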