ChainCertificate from file


I have a problem with certificate validation. I have a .pem file which is a chain certificate file (inside there are multiple BEGIN and END CERTIFICATE blocks).

I try to import the certificate collection, but after importing, the collection's length is 1.

    X509Certificate2Collection collection = new X509Certificate2Collection();
    collection.Import(certpath);

I couldn't see any interesting options in

    X509Chain chain2 = new X509Chain();

I get a return value of false from verification, and I believe the reason is that not all certificates have been loaded.

Below is my full validation method:

    using System;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    // Callback for ServicePointManager.ServerCertificateValidationCallback / SslStream.
    private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        try
        {
            string certpath = "actual path";

            // Import only loads the first certificate of a concatenated PEM file.
            X509Certificate2Collection collection = new X509Certificate2Collection();
            collection.Import(certpath);

            // Intermediates in ExtraStore help chain building; they are not trusted anchors.
            X509Chain chain2 = new X509Chain();
            foreach (X509Certificate2 c in collection)
            {
                chain2.ChainPolicy.ExtraStore.Add(c);
            }

            // Check all properties
            chain2.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            // This setup does not have revocation information
            chain2.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

            // Build the chain; the return value already reflects the policy result
            bool built = chain2.Build(new X509Certificate2(certificate));

            // Are there any failures from building the chain?
            if (built && chain2.ChainStatus.Length == 0)
                return true;

            // Log every status entry, not only the first one, so the real cause is visible
            foreach (X509ChainStatus status in chain2.ChainStatus)
            {
                if (status.Status != X509ChainStatusFlags.NoError)
                    Console.WriteLine("{0}: {1}", status.Status, status.StatusInformation);
            }

            return built;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }
        return false;
    }
Answer by pepo (accepted answer):

The X509Certificate2Collection and the Import method do not support a file that contains multiple certificates (appended one after another). See the documentation for this method here.

There is one format which might work, SerializedStore, but the documentation does not state much about it. I assume that it is some kind of array of SerializedCert, which is a certificate with its properties; therefore even this format does not match what you have.

Try to separate the certificates and use this constructor to initialize X509Certificate2Collection.
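The splitting the answer suggests, as an added example that is not part of the question or answer: each BEGIN/END CERTIFICATE block of the bundle is decoded to DER and wrapped in an X509Certificate2, the resulting collection goes into ExtraStore, and every chain status is reported rather than only the first. The class name PemChainLoader and the file path are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

// Hypothetical helper (added example): load a concatenated PEM bundle and use
// it as untrusted intermediates when building the chain for a server certificate.
static class PemChainLoader
{
    // One match per "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----" block.
    static readonly Regex PemBlock = new Regex(
        @"-----BEGIN CERTIFICATE-----(?<body>[^-]+)-----END CERTIFICATE-----",
        RegexOptions.Singleline);

    // Base64 body of each block -> DER bytes -> X509Certificate2.
    // (On .NET 5 and later, X509Certificate2Collection.ImportFromPemFile does this natively.)
    public static X509Certificate2Collection LoadBundle(string pemPath)
    {
        var collection = new X509Certificate2Collection();
        string pem = File.ReadAllText(pemPath);
        foreach (Match m in PemBlock.Matches(pem))
        {
            // Convert.FromBase64String ignores the line breaks inside the body.
            byte[] der = Convert.FromBase64String(m.Groups["body"].Value);
            collection.Add(new X509Certificate2(der));
        }
        return collection;
    }

    // Builds the chain for `leaf` with the bundle in ExtraStore and returns all statuses.
    // ExtraStore only supplies candidates; a root in the bundle is still untrusted unless
    // it is in the machine's trust store, so UntrustedRoot is the expected status then.
    public static bool ValidateWithBundle(X509Certificate2 leaf, string pemPath, out string report)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.AddRange(LoadBundle(pemPath));
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            bool ok = chain.Build(leaf);
            var lines = new List<string>();
            foreach (X509ChainStatus s in chain.ChainStatus)
                lines.Add(s.Status + ": " + s.StatusInformation);
            report = ok ? "chain built" : string.Join(Environment.NewLine, lines);
            return ok;
        }
    }
}
```

Call `PemChainLoader.ValidateWithBundle(new X509Certificate2(certificate), "bundle.pem", out string report)` from the validation callback and log `report` on failure.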