X.509 chain validation without CRL (C#)

Hi all,

The other day a customer of mine was trying to validate the chain of a cert like this:

    X509Certificate2 cert = new X509Certificate2(fileName);
    Console.WriteLine(String.Format("Certificate {0} is valid: {1}", fileName, cert.Verify()));


   
But the issue was that the cert had no valid CRL (Certificate Revocation List), and they didn't want the validation to fail because of that. They still wanted to be able to use the cert. So we changed the validation code to avoid CRL validation:

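    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    X509Certificate2 cert = new X509Certificate2(fileName);
    X509Chain chain = new X509Chain();
    // Skip revocation checking entirely: a revoked certificate will not be detected
    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    Console.WriteLine(String.Format("Certificate {0} is valid: {1}", fileName, chain.Build(cert)));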
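
A narrower alternative to NoCheck, as an added example that is not part of the original post: keep revocation checking on, but ignore only the statuses that mean the CRL could not be retrieved, so a certificate that is actually listed as revoked still fails. The class and helper names (ChainCheck, IsValidIgnoringMissingCrl) and the command-line argument are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck
{
    // Statuses meaning "revocation could not be determined", as opposed to "revoked".
    const X509ChainStatusFlags RevocationUnknown =
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    // Hypothetical helper: builds the chain with revocation checking enabled and
    // tolerates only a missing or unreachable CRL. Every other problem (Revoked,
    // NotTimeValid, UntrustedRoot, ...) is returned in 'problems' and fails validation.
    static bool IsValidIgnoringMissingCrl(X509Certificate2 cert,
                                          out X509ChainStatusFlags problems)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

            // The return value is ignored on purpose; the decision is made
            // from the individual status flags below.
            chain.Build(cert);

            // Combine every status reported for the chain into one flag set.
            problems = chain.ChainStatus.Aggregate(
                X509ChainStatusFlags.NoError, (acc, s) => acc | s.Status);

            // Drop only the "could not check revocation" flags.
            problems &= ~RevocationUnknown;
            return problems == X509ChainStatusFlags.NoError;
        }
    }

    static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ChainCheck <certificate file>");
            return;
        }
        using (var cert = new X509Certificate2(args[0]))
        {
            bool ok = IsValidIgnoringMissingCrl(cert, out var problems);
            Console.WriteLine("Certificate {0} is valid: {1} (remaining problems: {2})",
                              args[0], ok, problems);
        }
    }
}
```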

 

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)