
Use self-signed cert without installing in cert store

I have a self-signed certificate (.cer) file from a third party. I'd like to use that certificate in code to connect to their webservice (over HTTPS), without installing it in my cert store in Windows. Specifically this is so all the other developers on the team won't have to install this cert locally in order for the connection to work for them.

Is there a way to do this in code? It can use either old-fashioned webservice-client code (using wsdl.exe or VS's Add Web Reference) or WCF client code (using svcutil.exe or VS's Add Service Reference) - we haven't nailed down which way we want to go yet.

I've tried:

proxy.ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"d:\temp\mycert.cer"));

with old-school webservice code, no luck - it still fails with "Could not establish trust relationship for the SSL/TLS secure channel." until I actually install the cert in the cert store. Same thing for:

<identity>
  <certificate encodedValue="the base64 encoded contents of the file" />
</identity>

in the endpoint in app.config using the WCF client technology.

Thanks


The reason why you need the certificate is HTTPS. The web service is secured by transport security (HTTPS) with a certificate not trusted by your system. To trust the certificate, the common approach is installing the certificate into the certificate store. None of this is a .NET feature - it is a Windows feature outside of .NET's responsibility.

To trust an arbitrary SSL certificate, .NET offers a callback method where you can supply your own code to validate the certificate: ServicePointManager.ServerCertificateValidationCallback. If you just return true from the callback you will trust every certificate, but that is only for development and testing! Once deployed to production, the application should use a certificate from the certificate store or use specific validation defined in the callback (not recommended).
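As an added illustration of the "specific validation defined in the callback" option from this answer (this is example code, not code from the question or the answer), the callback below trusts exactly one expected self-signed certificate loaded from the .cer file, rather than returning true for everything. The file path is the one from the question and the class and method names are invented for the example.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Added example: pin the server certificate from the .cer file instead of
// installing it in the Windows certificate store or trusting every cert.
static class PinnedServerCert
{
    // Path taken from the question; adjust for your environment (assumption).
    static readonly X509Certificate2 Expected =
        new X509Certificate2(@"d:\temp\mycert.cer");

    // Call once at startup, before any HttpWebRequest / web-service proxy /
    // WCF channel is created; the callback is process-wide.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, sslPolicyErrors) =>
            {
                // Anything Windows already trusts passes unchanged.
                if (sslPolicyErrors == SslPolicyErrors.None)
                    return true;

                // A self-signed cert legitimately produces RemoteCertificateChainErrors
                // (untrusted root). Any other error, e.g. a hostname mismatch or a
                // missing certificate, is still rejected.
                if (cert == null ||
                    (sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
                    return false;

                // Accept only the exact certificate shipped in the .cer file,
                // compared by thumbprint (SHA-1 of the DER encoding).
                var presented = new X509Certificate2(cert);
                return string.Equals(presented.Thumbprint, Expected.Thumbprint,
                                     StringComparison.OrdinalIgnoreCase);
            };
    }
}
```

Because the callback is global to the process, it also covers a WCF client over an HTTPS transport binding, so nothing has to be added to app.config. Pinning by thumbprint means the check fails as soon as the third party rotates their certificate, which is the intended behaviour: a new .cer file then has to be shipped with the code, the same way it would have to be re-installed in the store.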


.NET can't/won't handle a cert+key combination (which you need in this case) from a plaintext file. I haven't found a way to construct one; it flat-out will not read a plaintext key for a cert.

It will, however, work with a P12/PFX container even if the container doesn't have a password. You can even store this as an encoded string and reconstitute it via this constructor: http://msdn.microsoft.com/en-us/library/ms148418.aspx

0
