I have problem with certificate validation. I have .perm file witch is chain certificate file (inside there is multiple BEGIN and END CERTIFICATE).
I try to import certificate collection but after importing collection is length 1.
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import(certpath);
I couldn't see any interesting options in
X509Chain chain2 = new X509Chain();
I get return of verification false and i believe that the reason is that not all certificates has been loaded.
Below is my full validation method
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
try
{
string certpath = "actual path";
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import(certpath);
X509Chain chain2 = new X509Chain();
foreach(X509Certificate2 c in collection)
{
chain2.ChainPolicy.ExtraStore.Add(c);
}
// Check all properties
chain2.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
// This setup does not have revocation information
chain2.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
// Build the chain
chain2.Build(new X509Certificate2(certificate));
// Are there any failures from building the chain?
if (chain2.ChainStatus.Length == 0)
return true;
// If there is a status, verify the status is NoError
bool result = chain2.ChainStatus[0].Status == X509ChainStatusFlags.NoError;
return result;
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
return false;
}
The
X509Certificate2Collection
and theImport
method does not support the file that contains multiple certificates (appended one after another). See documentation for this method here.There is one format which might work -
SerializedStore
but the documentation does not state much about it. I assume that it is some king of aray ofSerializedCert
which is a certificate with it properties therefore even this format does not match with what you have.Try to separate the certificates and use this constructor to initialize
X509Certificate2Collection
.