1

I use this code to install a self-signed certificate (user has to confirm the installation).

    // Requires: using Windows.Storage; using Windows.System; (StorageFolder, StorageFile, Launcher)
    // Constructor
    public MainPage()
    {
        this.Loaded += new RoutedEventHandler(MainPage_Loaded);
    }

    private async void MainPage_Loaded(object sender, RoutedEventArgs e)
    {
        try
        {
            // Locate the .cer file shipped inside the app package
            StorageFolder packageLocation = Windows.ApplicationModel.Package.Current.InstalledLocation;
            StorageFolder certificateFolder = await packageLocation.GetFolderAsync("Certificates");
            StorageFile certificate = await certificateFolder.GetFileAsync("myCer.cer");

            // Hand the file to the OS, which asks the user to confirm the installation
            await Launcher.LaunchFileAsync(certificate);
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }

Is it possible to check whether the certificate is already installed so that I do not have to install it each time my app is launched?

Ondrej Tucny
MPeli
  • You could just try to read the certificate from the certificate store by its serial number, issuer, etc. – Stefan H Feb 22 '13 at 20:17
  • Could you give me a hint on how to do that? Thank you. – MPeli Feb 22 '13 at 20:34
  • Actually you could have found this on Google yourself (this is not specific for WP so no guarantees): http://stackoverflow.com/questions/1205295/get-list-of-certificates-from-the-certificate-store-in-c-sharp – Raxr Feb 22 '13 at 20:53
  • Thank you, I am aware of a class [X509Store](http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx). As far as I know this class is not available for WP. – MPeli Feb 22 '13 at 21:01
  • Hi, do you know how to do this right now? I also want to know something about it. – IloveIniesta Apr 19 '14 at 09:12

2 Answers

1

Certificates can be compared in many ways, but the two most common are:

  • By Thumbprint
    • Cryptographic hash of the public key
    • Calculated on request – not stored in the certificate itself
    • Unique across all certificates
    • Difficult to fake when using a collision-resistant hash algorithm (http://en.wikipedia.org/wiki/Preimage_attack)
  • By Serial Number and Issuer
    • Mandated to be unique when using PKI
    • Faster to compare as no computation is required
    • Can only be trusted when you are validating chain trust. An attacker could generate a self-signed certificate with a chosen serial number and issuer name.

In code:

    X509Certificate cert1 = /* your cert */;
    X509Certificate cert2 = /* your other cert */;

    // assuming you are validating pki chain
    // X509Certificate compares the serial number and issuer
    bool matchUsingSerialAndIssuer = cert1.Equals(cert2);

    // otherwise
    bool publicKeyIsIdentical = cert1.GetCertHashString() == cert2.GetCertHashString();
    // or easier to read if using X509Certificate2 (Thumbprint calls GetCertHashString)
    // bool publicKeyIsIdentical = cert1.Thumbprint == cert2.Thumbprint;
Mitch
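The two comparisons from the answer above, run side by side on two certificates that share an issuer name and serial number but were generated with different keys. This is an added example, not code from the original answer; it assumes desktop .NET (Framework 4.7.2+ or .NET Core 2.0+) rather than WP8, and `CertCompareDemo`, `MakeCert` and `IsPinned` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertCompareDemo   // hypothetical name, not from the page
{
    // Builds a throwaway certificate whose issuer name and serial number are
    // whatever the caller asks for. Each call uses a fresh RSA key pair.
    static X509Certificate2 MakeCert(string issuer, byte[] serial)
    {
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest(
                "CN=app.example", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            X509SignatureGenerator signer =
                X509SignatureGenerator.CreateForRSA(key, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            return request.Create(
                new X500DistinguishedName(issuer), signer, now, now.AddDays(1), serial);
        }
    }

    // Pin check: Thumbprint is the SHA-1 hash of the encoded certificate,
    // returned as hex, so compare it case-insensitively.
    static bool IsPinned(X509Certificate2 candidate, string pinnedThumbprint)
    {
        return string.Equals(candidate.Thumbprint, pinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        byte[] serial = { 0x01, 0x23, 0x45, 0x67 };   // constructed sample value
        const string issuer = "CN=Example Issuer";    // constructed sample value

        using (X509Certificate2 genuine = MakeCert(issuer, serial))
        using (X509Certificate2 lookalike = MakeCert(issuer, serial))
        {
            string pin = genuine.Thumbprint;
            Console.WriteLine("Equals (issuer + serial): " + genuine.Equals(lookalike));
            Console.WriteLine("lookalike passes pin:     " + IsPinned(lookalike, pin));
            Console.WriteLine("genuine passes pin:       " + IsPinned(genuine, pin));
        }
    }
}
```

When no chain validation is done, as with a self-signed certificate bundled in an app, the thumbprint check is the one to rely on.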
0

Why don't you try something like this to find the cert? Also include this namespace in your project: System.Security.Cryptography.X509Certificates. If you can't use X509, you can change the code below to use a different type for the cert.

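    // using System.Security.Cryptography.X509Certificates;

    // Returns the certificate with the given serial number from the machine's
    // trusted root store, or null if it is not installed.
    private static X509Certificate2 GetCertificateFromStore(string certSN)
    {
        X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection col = store.Certificates;

            foreach (var currCert in col)
            {
                // SerialNumber is returned as an upper-case hex string
                var currSN = currCert.SerialNumber;
                if (certSN.ToUpperInvariant() == currSN)
                {
                    return currCert; // found it, return it
                }
            }

            return null; // not found, so it still has to be installed
        }
        finally
        {
            store.Close();
        }
    }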
Chad
  • Thank you. I do not think I will be able to use your approach because the classes [X509Store](http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509store.aspx) and [X509Certificate2Collection](http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2collection.aspx) do not exist in WP8. – MPeli Feb 22 '13 at 22:05