I have a .Net 2.0 app that is used internally and we want to use the WebBrowser control to access some Web resources. We want to add encryption to these sites using SSL using self signed certificates.
My question is if there is way to disable all the warnings about the SSL keys coming from an untrusted source? I would like to avoid to have to install the keys in each of the workstations running the app.
Any other suggestions on how to do this are welcome.
-
I do not believe there is a work around for this, you will always get the warning when accessing the above mentioned web resources via the WebBrowser control (or Internet Explorer for that matter) You could however distribute the root cert via Group Policy.
-
I have a work around for this elventear. It is part of a Code Project article that I am writing that illustrates various 'tricks' you can perform when dealing with security and the WebBrowser Control. I will advise here when it is available.
-
Ok, article is up - see http://www.codeproject.com/KB/shell/WebBrowserControlDialogs.aspx
Hopefully this helps.
-
You can do this by hooking dialogs (as someone above send the link) but then implementing SSL will be pointless. Because when an attack does the MITM attack you'll ignore the warnings and continue anyway. Better potion your installer might install the certificate in the first place.
0 comments:
Post a Comment