System
2.0.0.0
4.0.0.0
System.Security.Cryptography.X509Certificates.X509Certificate
The X.509 structure originated in the International Organization for Standardization (ISO) working groups. This structure can be used to represent various types of information including identity, entitlement, and holder attributes (permissions, age, sex, location, affiliation, and so forth). Although the ISO specifications are most informative on the structure itself, the class is designed to model the usage scenarios defined in specifications issued by the Internet Engineering Task Force (IETF) Public Key Infrastructure, X.509 (PKIX) working group. The most informative of these specifications is RFC 3280, "Certificate and Certificate Revocation List (CRL) Profile."
Represents an X.509 certificate.
Constructor
2.0.0.0
4.0.0.0
This constructor creates an empty object, unlike the other constructors for this class that use certificate information from a byte array, a pointer, or a certificate file.
Initializes a new instance of the class.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using certificate information from a byte array. The byte array can be binary (DER) encoded or Base64-encoded X.509 data. The byte array can also be a PKCS7 (Authenticode) signed file; the signer certificate is used to create the object.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using information from a byte array.
A byte array containing data from an X.509 certificate.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using a handle for the Microsoft Cryptographic API certificate context, PCCERT_CONTEXT. Note that the immediate caller of this constructor requires unmanaged code permission.
The constructor creates a copy of the certificate context. Do not assume that the context structure you passed to the constructor is valid; it may have been released. You can get a copy of the current PCCERT_CONTEXT structure from the property, but it is valid only during the lifetime of the object.
Initializes a new instance of the class using an unmanaged handle.
A pointer to a certificate context in unmanaged code. The C structure is called PCCERT_CONTEXT.
Constructor
2.0.0.0
4.0.0.0
This method creates a new instance of the class using an object.
Initializes a new instance of the class using an object.
An object.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using a certificate file name. It supports binary (DER) encoding or Base64 encoding.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a certificate file name.
The name of a certificate file.
Constructor
2.0.0.0
4.0.0.0
This constructor is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a byte array and a password.
A byte array that contains data from an X.509 certificate.
The password required to access the X.509 certificate data.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using a byte array and a password that is needed to access the certificate data. It is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a byte array and a password.
A byte array containing data from an X.509 certificate.
The password required to access the X.509 certificate data.
Constructor
2.0.0.0
4.0.0.0
This constructor is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a certificate file name and a password.
The name of a certificate file.
The password required to access the X.509 certificate data.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using a certificate file name and a password needed to access the certificate. It is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a certificate file name and a password used to access the certificate.
The name of a certificate file.
The password required to access the X.509 certificate data.
Constructor
2.0.0.0
4.0.0.0
This constructor is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a Microsoft Cryptographic API Cryptographic Service Provider (CSP).
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a byte array, a password, and a key storage flag.
A byte array that contains data from an X.509 certificate.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using a byte array, a password that is needed to access the certificate data, and a key storage flag. It is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a Microsoft Cryptographic API Cryptographic Service Provider (CSP).
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a byte array, a password, and a key storage flag.
A byte array containing data from an X.509 certificate.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Constructor
2.0.0.0
4.0.0.0
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a certificate file name, a password, and a key storage flag.
The name of a certificate file.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Constructor
2.0.0.0
4.0.0.0
This constructor creates a new object using a certificate file name, a password needed to access the certificate, and a key storage flag.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
If you create a certificate by specifying a PKCS7 signed file store, the object is created for the certificate that signed the store rather than for any of the certificates within the store.
Initializes a new instance of the class using a certificate file name, a password used to access the certificate, and a key storage flag.
The name of a certificate file.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Property
2.0.0.0
4.0.0.0
System.Boolean
To be added.
This property is set only on a certificate that is associated with a store. If the property is set and the certificate is added to a certificate store, the value is persisted. If the property is set on a certificate retrieved from a store, the value is persisted immediately.
In an X.509 store, archived certificates are not included in the returned object unless the property is set to true. No physical archival activity occurs when the value is set or unset.
Gets or sets a value indicating that an X.509 certificate is archived.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.X509Certificates.X509ExtensionCollection
To be added.
The extensions defined in the X.509 v3 certificate format allow additional data to be included in the certificate. A number of extensions are defined by ISO in the X.509 v3 definition as well as by PKIX in RFC 3280, "Certificate and Certificate Revocation List (CRL) Profile." Common extensions include information regarding key usage, key identifiers, certificate policies, revocation information (CRL Distribution Point extension), and other uses.
Gets a collection of objects.
Property
2.0.0.0
4.0.0.0
System.String
To be added.
Friendly names are properties in the X.509 certificate store that can be set. They are used to enable a user to associate aliases with certificates so they can be easily identified.
If no friendly name exists for the certificate, an empty string ("") is returned.
Gets or sets the associated alias for a certificate.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("Detection limited to Cert, Pfx, Pkcs12, Pkcs7 and Unknown")
System.Security.Cryptography.X509Certificates.X509ContentType
This method enables you to discover the type of certificate in a file.
Indicates the type of certificate contained in a byte array.
An object.
A byte array containing data from an X.509 certificate.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("Detection limited to Cert, Pfx, Pkcs12 and Unknown")
System.Security.Cryptography.X509Certificates.X509ContentType
This method enables you to discover the type of certificate in a file.
Indicates the type of certificate contained in a file.
An object.
The name of a certificate file.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("always return String.Empty for UpnName, DnsFromAlternativeName and UrlName")
System.String
This method should always be used instead of parsing the certificate, since many of the name values can be located in multiple locations. Using this method ensures that the appropriate name is returned.
Gets the subject and issuer names from a certificate.
The name of the certificate.
The value for the subject.
true to include the issuer name; otherwise, false.
Property
2.0.0.0
4.0.0.0
System.Boolean
To be added.
To be added.
Gets a value that indicates whether an object contains a private key.
Method
2.0.0.0
4.0.0.0
System.Void
This method can be used to take a raw byte array of an X.509 certificate and populate the object with its associated values.
Since this method accepts only a byte array, it can be used only for certificate types that do not require a password, including a Base64-encoded or DER-encoded X.509 certificate or a PFX/PKCS12 certificate. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.
Populates an object with data from a byte array.
A byte array containing data from an X.509 certificate.
Method
2.0.0.0
4.0.0.0
System.Void
This method uses a certificate file, such as a file with a .cer extension, that represents an X.509 certificate and populates the object with the certificate the file contains.
This method can be used with several certificate types, including Base64-encoded or DER-encoded X.509 certificates, PFX/PKCS12 certificates, and signer certificates such as Authenticode. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.
Populates an object with information from a certificate file.
The name of a certificate.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("SecureString is incomplete")
System.Void
You can use this method for certificate types such as Base64-encoded or DER-encoded X.509 certificates, or PFX/PKCS12 certificates. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
Populates an object using data from a byte array, a password, and a key storage flag.
A byte array that contains data from an X.509 certificate.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("missing KeyStorageFlags support")
System.Void
This method can be used to populate an object using a password for the certificate represented by the byte array. The key storage flag value can be used to control where and how to import the private key.
This method accepts a byte array and can be used for certificate types such as Base64-encoded or DER-encoded X.509 certificates or PFX/PKCS12 certificates. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
Populates an object using data from a byte array, a password, and flags for determining how to import the private key.
A byte array containing data from an X.509 certificate.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("SecureString is incomplete")
System.Void
Security Note: Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
Populates an object with information from a certificate file, a password, and a key storage flag.
The name of a certificate file.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("missing KeyStorageFlags support")
System.Void
This method can be used to populate an object with information from a certificate file, a password, and a key storage flag value.
Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the MSIL Disassembler (Ildasm.exe), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.
Populates an object with information from a certificate file, a password, and a value.
The name of a certificate file.
The password required to access the X.509 certificate data.
A bitwise combination of the enumeration values that control where and how to import the certificate.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.X509Certificates.X500DistinguishedName
To be added.
This property contains the name of the certificate authority (CA) that issued the certificate. To obtain the name of a certificate, use the method.
The distinguished name for the certificate is a textual representation of the certificate subject or issuer. This representation consists of name attributes (for example, "CN=MyName, OU=MyOrgUnit, C=US").
Gets the distinguished name of the certificate issuer.
Property
2.0.0.0
4.0.0.0
System.DateTime
To be added.
This property indicates an expiration date on which the certificate becomes invalid.
Gets the date in local time after which a certificate is no longer valid.
Property
2.0.0.0
4.0.0.0
System.DateTime
To be added.
This property indicates the date on which the certificate becomes valid.
Gets the date in local time on which a certificate becomes valid.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.AsymmetricAlgorithm
To be added.
Currently this property supports only RSA or DSA keys, so it returns either an RSA or a DSA key object. If no private key is associated with the certificate, it returns null.
If you set this property to null or to another key without first deleting it, a private key file is left on the disk.
To properly delete the private key associated with this property, set PersistKeyInCsp to false, and then call the method.
Gets or sets the object that represents the private key associated with a certificate.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.X509Certificates.PublicKey
To be added.
This property returns a PublicKey object, which contains the object identifier representing the public key algorithm, the ASN.1-encoded parameters, and the ASN.1-encoded key value.
You can also obtain the key as an object by referencing the property. This property supports only RSA or DSA keys, so it returns either an RSA or a DSA key object that represents the public key.
Gets a PublicKey object associated with a certificate.
Property
2.0.0.0
4.0.0.0
System.Byte[]
To be added.
To be added.
Gets the raw data of a certificate.
Method
2.0.0.0
4.0.0.0
System.Void
This method can be used to reset the state of the certificate. It also frees any resources associated with the certificate.
Resets the state of an object.
Property
2.0.0.0
4.0.0.0
System.String
To be added.
The serial number of the certificate is part of the original X.509 protocol. The serial number is a unique number issued by the certificate issuer, which is also called the Certificate Authority (CA).
Gets the serial number of a certificate.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.Oid
To be added.
The object identifier (Oid) identifies the type of signature algorithm used by the certificate.
Gets the algorithm used to create the signature of a certificate.
Property
2.0.0.0
4.0.0.0
System.Security.Cryptography.X509Certificates.X500DistinguishedName
To be added.
The subject distinguished name is the name of the user of the certificate. The distinguished name for the certificate is a textual representation of the subject or issuer of the certificate. This representation consists of name attributes, for example, "CN=MyName, OU=MyOrgUnit, C=US".
Gets the subject distinguished name from a certificate.
Property
2.0.0.0
4.0.0.0
System.String
To be added.
The thumbprint is dynamically generated using the SHA1 algorithm and does not physically exist in the certificate. Since the thumbprint is a unique value for the certificate, it is commonly used to find a particular certificate in a certificate store.
Gets the thumbprint of a certificate.
Method
2.0.0.0
4.0.0.0
System.String
As with all ToString methods, the output might not be consistent across versions of the .NET Framework, so the method results should not be parsed for content. Use the properties on the object to obtain precise information about the content or use the method to obtain information about the certificate.
This method displays the certificate in text format.
Displays an X.509 certificate in text format.
The certificate information.
Method
2.0.0.0
4.0.0.0
System.String
As with all ToString methods, the output might not be consistent across versions of the .NET Framework, so the method results should not be parsed for content. Use the properties on the object to obtain precise information.
This method displays the certificate in text format. If the parameter is set to true, the text display includes the public key, private key, and extensions. If it is set to false, the text display includes those fields available from the X.509 certificate, including thumbprint, serial number, subject and issuer names, and validity date information.
Displays an X.509 certificate in text format.
The certificate information.
true to display the public key, private key, extensions, and so forth; false to display information that is similar to the class, including thumbprint, serial number, subject and issuer names, and so on.
Method
2.0.0.0
4.0.0.0
System.MonoTODO("by default this depends on the incomplete X509Chain")
System.Boolean
This method builds a simple chain for the certificate and applies the base policy to that chain. If you need more information about a failure, validate the certificate directly using the object.
Note that the default chaining engine can be overridden using the class. On Microsoft Windows Server 2003, the default engine conforms to the specification described in RFC 3280, "Certificate and Certificate Revocation List (CRL) Profile."
Performs an X.509 chain validation using basic validation policy.
true if the validation succeeds; false if the validation fails.
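The following is an added example, not part of the original documentation, that ties together the PKCS12 import guidance (password supplied at run time, content type checked first, explicit key storage flags) and the remark that X509Chain gives more detail than the boolean result of Verify. It assumes the documented class is X509Certificate2 and a runtime that provides CertificateRequest (.NET Framework 4.7.2 or later, or .NET Core 2.0 or later); the PFX_PASSWORD variable name, the helper names, and the self-signed sample certificate are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PfxImportAndValidate
{
    // Constructed sample input: a throwaway self-signed certificate exported as PKCS12.
    static byte[] BuildSamplePfx(string password)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=pfx-demo.example", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = request.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
                return cert.Export(X509ContentType.Pfx, password);
        }
    }

    // Rejects anything that is not PKCS12 before the password is used, and imports
    // without the Exportable or PersistKeySet flags.
    static X509Certificate2 LoadPfx(byte[] data, string password)
    {
        X509ContentType type = X509Certificate2.GetCertContentType(data);
        if (type != X509ContentType.Pfx)
            throw new CryptographicException("Expected PKCS12 data, got " + type);
        return new X509Certificate2(data, password, X509KeyStorageFlags.DefaultKeySet);
    }

    // Builds the chain explicitly so that each failure reason is visible,
    // which the boolean result of Verify() does not provide.
    static List<string> ChainProblems(X509Certificate2 cert)
    {
        var problems = new List<string>();
        using (var chain = new X509Chain())
        {
            // Assumption for an offline run: skip revocation lookups.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            if (!chain.Build(cert))
                foreach (X509ChainStatus status in chain.ChainStatus)
                    problems.Add(status.Status + ": " + (status.StatusInformation ?? "").Trim());
        }
        return problems;
    }

    static void Main()
    {
        // PFX_PASSWORD is a hypothetical variable name. The password comes from the
        // environment at run time instead of being a literal in the assembly.
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD");
        if (string.IsNullOrEmpty(password))
        {
            // The sample PFX is built in this process, so a random one-time password
            // stands in for the secret a deployment would fetch at run time.
            byte[] random = new byte[24];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(random);
            password = Convert.ToBase64String(random);
        }

        byte[] pfx = BuildSamplePfx(password);
        using (X509Certificate2 cert = LoadPfx(pfx, password))
        {
            Console.WriteLine("Subject: " + cert.GetNameInfo(X509NameType.SimpleName, false));
            Console.WriteLine("Has private key: " + cert.HasPrivateKey);
            Console.WriteLine("Valid from " + cert.NotBefore + " to " + cert.NotAfter);
            Console.WriteLine("Verify(): " + cert.Verify());
            foreach (string problem in ChainProblems(cert))
                Console.WriteLine("  " + problem);
        }
    }
}
```

Because the sample certificate is self-signed and not in a trusted root store, Verify() reports failure and the chain status list names the reason.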
Property
2.0.0.0
4.0.0.0
System.Int32
To be added.
There are several versions of X.509 certificates. This property identifies which format the certificate uses. For example, "3" is returned for a version 3 certificate.
Gets the X.509 format version of a certificate.