Mono problems with cert and mozroots

Posted 2019-03-25 06:32

Question:

I am using this command on my Mono VM

    sudo mozroots --import --sync

It appears to be getting the cert from this site.

I then try to connect to my SSL site and I get the exception that the cert is invalid. I use Firefox and see the cert was issued in 2010. I looked at that file and see the last time it's been updated was 2009-05-21 12:50.

When using Firefox on the same machine I can navigate to the same URL I am trying to connect to and I get no SSL issues (no alert, nor asking me to add it to an exception).

I am confused here. How do I update Mono to use the latest certs?

-edit- I checked who signed the cert of the site I want to visit and their name is in certdata. I wonder why Mono says the cert is not valid.


I tried writing this and I hit yes to the 3 certs it asked me to import

    certmgr -ssl https://www.site.com/users/login --machine

I ran my application again and got this error. Googling the error code 0xffffffff80092012 I found this.

Looks like a fixed bug that hasn't been applied to 2.6.4. Or I could be doing it wrong. I do set the ServerCertificateValidationCallback to my own thing and return true for this application as a fix for Mono.

    System.Net.WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff80092012

Answer 1:

Follow-up about bug 606002 - here is the code to ignore said error code. Call it once in your initialization.

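    // Needed at the top of the file:
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    ServicePointManager.ServerCertificateValidationCallback += delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslPolicyErrors) {
        // A certificate that validated cleanly is accepted.
        if (sslPolicyErrors == SslPolicyErrors.None) {
            return true;
        }
        // Chain errors are tolerated only if every status is RevocationStatusUnknown.
        if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors) {
            foreach (X509ChainStatus status in chain.ChainStatus) {
                if (status.Status != X509ChainStatusFlags.RevocationStatusUnknown) {
                    return false;
                }
            }
            return true;
        }

        // Name mismatch, missing certificate or combined errors: reject.
        return false;
    };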
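
To see which chain status flags the runtime actually reports before deciding to tolerate any of them, a callback can log them and still accept only a clean validation. This is an added example, not part of the original answer; the class name and the default URL are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

class TlsChainDiagnostics  // hypothetical name, for illustration
{
    // Logs what the runtime reports, then accepts only a clean validation,
    // so running this never weakens certificate checking.
    static bool LogAndValidate(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Subject: {0}", cert != null ? cert.Subject : "(none)");
        Console.WriteLine("Issuer:  {0}", cert != null ? cert.Issuer : "(none)");
        Console.WriteLine("SslPolicyErrors: {0}", errors);
        if (chain != null) {
            // Per-certificate view: which element of the chain carries which flag.
            foreach (X509ChainElement element in chain.ChainElements) {
                Console.WriteLine("  Element: {0} (expires {1:u})",
                    element.Certificate.Subject, element.Certificate.NotAfter);
                foreach (X509ChainStatus s in element.ChainElementStatus)
                    Console.WriteLine("    {0}: {1}", s.Status, s.StatusInformation);
            }
            // Aggregate view: the flags a filtering callback would iterate over.
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  Chain status: {0}", s.Status);
        }
        return errors == SslPolicyErrors.None;
    }

    static int Main(string[] args)
    {
        // Placeholder URL; pass the real endpoint as the first argument.
        string url = args.Length > 0 ? args[0] : "https://www.example.com/";
        ServicePointManager.ServerCertificateValidationCallback = LogAndValidate;
        try {
            using (WebResponse response = WebRequest.Create(url).GetResponse()) {
                Console.WriteLine("Validation succeeded: {0}", response.ResponseUri);
                return 0;
            }
        } catch (WebException ex) {
            Console.WriteLine("Request failed: {0}", ex.Message);
            return 1;
        }
    }
}
```

If the only flag printed is RevocationStatusUnknown, the filter above applies; an UntrustedRoot or PartialChain flag points at the trust store instead.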


Answer 2:

  1. A default installation of Mono doesn't trust anyone!
  2. mozroots will download and import trusted root certificates from Mozilla's LXR.
  3. Read the Mono Security FAQ

EDIT:

  • Try the latest version of Mono packages from here
  • If that doesn't work either, try the SVN trunk version here
  • From Bug 606002, Gonzalo Paniagua Javier suggested: "The way to go is to add your ServerCertificateValidationCallback to ServicePointManager and ignore errors with this code."
  • I have little experience in this area so I suggest contacting him for further assistance, maybe he can help. His email is gonzalo@gonzalo.name (his blog)