Retired Microsoft Blog disclaimer

This directory is a mirror of the retired "Decrypt My World" MSDN blog and is provided as is. All posting authorship and copyrights belong to their respective authors.
Original URL: https://blogs.msdn.microsoft.com/alejacma/2010/08/18/x-509-chain-validation-without-crl-c/
Post name: X.509 chain validation without CRL (C#)
Original author: Alejandro Campos Magencio
Posting date: 2010-08-18T00:20:00+00:00


Hi all,

The other day a customer of mine was trying to validate the chain of a cert like this:

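using System.Security.Cryptography.X509Certificates;

X509Certificate2 cert = new X509Certificate2(fileName);

// Verify() validates the chain using the basic validation policy.
Console.WriteLine(String.Format("Certificate {0} is valid: {1}", fileName, cert.Verify()));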


But the issue was that the cert had no valid CRL (Certificate Revocation List), and they didn't want the validation to fail because of that. They still wanted to be able to use the cert. So we changed the validation code to avoid CRL validation:

X509Certificate2 cert = new X509Certificate2(fileName);

// Build the chain ourselves so that the revocation check can be turned off.
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
Console.WriteLine(String.Format("Certificate {0} is valid: {1}", fileName, chain.Build(cert)));
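
A stricter alternative, as an added example that is not from the original post: keep revocation checking on and tolerate only the "revocation status could not be determined" results, so a certificate that is actually listed as revoked still fails. The helper name IsValidToleratingMissingCrl, the 10-second timeout and the constructed self-signed certificate are assumptions of this example, which targets .NET Framework 4.7.2 or later, or .NET Core.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck
{
    // Statuses that only mean "revocation could not be determined".
    const X509ChainStatusFlags Tolerated =
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    // Hypothetical helper (not from the post): accepts the chain when it builds
    // cleanly or when every reported problem is one of the Tolerated statuses.
    public static bool IsValidToleratingMissingCrl(
        X509Certificate2 cert, out X509ChainStatusFlags problems)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(10);
            bool built = chain.Build(cert);
            // Collapse the per-element statuses into one flag set.
            problems = chain.ChainStatus.Aggregate(
                X509ChainStatusFlags.NoError, (acc, s) => acc | s.Status);
            bool onlyTolerated = (problems & ~Tolerated) == X509ChainStatusFlags.NoError;
            return built || (problems != X509ChainStatusFlags.NoError && onlyTolerated);
        }
    }

    static void Main(string[] args)
    {
        // With no argument, a constructed self-signed certificate is used so the
        // sample runs offline; pass a certificate file path to check a real one.
        X509Certificate2 cert;
        if (args.Length > 0) { cert = new X509Certificate2(args[0]); }
        else using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            cert = new X509Certificate2(req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30))
                .Export(X509ContentType.Cert));
        }
        bool ok = IsValidToleratingMissingCrl(cert, out var problems);
        Console.WriteLine("Valid: {0}; chain status: {1}", ok, problems);
    }
}
```

A certificate whose CRL lists it as revoked reports the Revoked status, which is not in Tolerated, so it is still rejected.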

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

