2

I have this code:

```csharp
// Requires: using System.Security.Cryptography.X509Certificates;
X509Chain x509Chain = new X509Chain();
// ExtraStore only offers certificate1 as a candidate issuer; it does not make it trusted.
x509Chain.ChainPolicy.ExtraStore.Add(certificate1);
x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
x509Chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
x509Chain.Build(certificate2);

foreach (X509ChainElement x509ChainElement in x509Chain.ChainElements)
{
    Log("Name: " + x509ChainElement.Certificate.GetNameInfo(X509NameType.SimpleName, false));
    foreach (X509ChainStatus x509ChainStatus in x509ChainElement.ChainElementStatus)
        Log("status: " + x509ChainStatus.StatusInformation);
    // Fail on any element that carries a status, unless that element is certificate1 itself.
    if (x509ChainElement.ChainElementStatus.Length != 0 && (x509ChainElement.Certificate.Thumbprint != certificate1.Thumbprint)) // || x509ChainElement.ChainElementStatus[0].Status != X509ChainStatusFlags.UntrustedRoot))
        return false;
}
```

I can't manage to get it to install the certificate if it is self-signed (or at least I think it doesn't get installed). On the status log message I get this:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider

How can I ignore that check?

Cornwell

1 Answer

-3

Set up the policy flags to include AllowUnknownCertificateAuthority.

fejesjoco
  • If I add this: x509Chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; or the flag you mentioned I still get that message but x509Chain.Build() returns true.... – Cornwell Feb 25 '14 at 12:08
  • This will also disable authority check altogether, i.e. "PartialChain" errors will still result in true. Compare the answers to http://stackoverflow.com/questions/27307322/verify-server-certificate-against-self-signed-certificate-authority?rq=1 – Divide Mar 01 '16 at 14:13
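The comments above note that `AllowUnknownCertificateAuthority` makes `Build()` return true even for a partial chain. The following added example (not code from the question or the answer) shows one way to keep that flag while still accepting only chains that end in one specific self-signed root. `ChainsToPinnedRoot`, `NewRoot` and `NewLeaf` are hypothetical names, the certificates are constructed test material, and `CertificateRequest` assumes .NET Framework 4.7.2 or .NET Core 2.0 and later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootDemo
{
    // True only if leaf builds a complete chain whose root is exactly pinnedRoot.
    static bool ChainsToPinnedRoot(X509Certificate2 leaf, X509Certificate2 pinnedRoot)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(pinnedRoot);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Tolerate only "root is not in the machine trust store".
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(leaf)) return false;
            // Build() == true is not sufficient: any status other than UntrustedRoot
            // (PartialChain, NotTimeValid, ...) must still fail validation.
            if (chain.ChainStatus.Any(s => s.Status != X509ChainStatusFlags.NoError &&
                                           s.Status != X509ChainStatusFlags.UntrustedRoot))
                return false;
            // The last chain element must be byte-for-byte the pinned root.
            X509Certificate2 root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(pinnedRoot.RawData);
        }
    }

    // Constructed test material: a throwaway self-signed CA (its key is kept for signing).
    static X509Certificate2 NewRoot(string cn)
    {
        var req = new CertificateRequest("CN=" + cn, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-2), DateTimeOffset.UtcNow.AddDays(30));
    }

    // Constructed test material: an end-entity certificate signed by the given issuer.
    static X509Certificate2 NewLeaf(string cn, X509Certificate2 issuer)
    {
        var req = new CertificateRequest("CN=" + cn, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.Create(issuer, DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(10), new byte[] { 1, 2, 3, 4 });
    }

    static void Main()
    {
        X509Certificate2 pinned = NewRoot("Constructed Pinned Root"), other = NewRoot("Constructed Other Root");
        Console.WriteLine(ChainsToPinnedRoot(NewLeaf("good.example", pinned), pinned));  // issued by the pinned root
        Console.WriteLine(ChainsToPinnedRoot(NewLeaf("other.example", other), pinned)); // issued by a different root
    }
}
```

On .NET 5 and later the same policy can be expressed with `ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust` and `ChainPolicy.CustomTrustStore`.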