Why is this X.509 certificate considered invalid?


Solution 1

Try verifying the certificate chain using the X509Chain class. This can tell you exactly why the certificate isn't considered valid.

As erickson suggested, your X509Store may not have the trusted certificate from the CA in the chain. If you used OpenSSL or another tool to generate your own self-signed CA, you need to add the public certificate for that CA to the X509Store.

Solution 2

Is the issuer's certificate present in the X509Store? A certificate is only valid if it's signed by someone you trust.

Is this a certificate from a real CA, or one that you signed yourself? Certificate signing tools often used by developers, like OpenSSL, don't add some important extensions by default.
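The following is an added example (it is not code from either answer or from the original poster): it puts the advice of Solution 1 and Solution 2 into one diagnostic program. It finds the certificate by serial number with validOnly set to false so that the certificate is returned even when it fails validation, then builds an X509Chain against the stores visible to the current user and prints every chain status, which is where errors such as UntrustedRoot or PartialChain show up. The serial number "xxx" stands in for the poster's value, and the file name ca.cer used in the commented-out import of a self-signed CA is a placeholder, not something from the page.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example: explain why X509Certificate2Collection.Find(..., validOnly: true)
// rejects a certificate by building its chain and listing the status flags.
class ChainDiagnostics
{
    // Assumption: "xxx" is the serial number the original poster searched for.
    const string Serial = "xxx";

    static void Main()
    {
        X509Certificate2 cert;
        using (X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly = false: return the certificate even if it fails validation;
            // the chain build below tells us why validOnly = true filtered it out.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindBySerialNumber, Serial, false);
            if (found.Count == 0)
            {
                Console.WriteLine("No certificate with serial {0} in LocalMachine\\Root.", Serial);
                return;
            }
            cert = found[0];
        }

        Console.WriteLine("Running as:   {0}", Environment.UserName);
        Console.WriteLine("Subject:      {0}", cert.Subject);
        Console.WriteLine("Issuer:       {0}", cert.Issuer);
        Console.WriteLine("Valid period: {0:u} - {1:u}", cert.NotBefore, cert.NotAfter);
        Console.WriteLine("Private key:  {0}", cert.HasPrivateKey);

        using (X509Chain chain = new X509Chain())
        {
            // Skip revocation so that trust and chain-building problems are not
            // hidden behind RevocationStatusUnknown / OfflineRevocation.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            bool ok = chain.Build(cert);
            Console.WriteLine("Chain.Build:  {0}", ok);

            // Overall problems (e.g. UntrustedRoot, PartialChain, NotTimeValid).
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.WriteLine("  chain: {0} - {1}", status.Status, status.StatusInformation.Trim());

            // Per-element problems, from the leaf up to whatever root was found.
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.WriteLine("  element: {0}", element.Certificate.Subject);
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.WriteLine("    {0} - {1}", status.Status, status.StatusInformation.Trim());
            }
        }

        // Remedy from Solution 1 for a self-signed CA: import the CA's public
        // certificate into the trusted root store. Assumption: ca.cer holds that
        // certificate. Writing to LocalMachine\Root needs administrative rights.
        //
        // using (X509Store root = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
        // {
        //     root.Open(OpenFlags.ReadWrite);
        //     root.Add(new X509Certificate2("ca.cer"));
        // }
    }
}
```

Run it under the same account the HttpRequest code runs under (for a service, that is usually not the logged-in developer), since the chain engine consults that account's CurrentUser stores in addition to LocalMachine; a chain that builds for one user and reports UntrustedRoot or PartialChain for another points at a missing or unreadable CA certificate rather than at the server certificate itself.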

Solution 3

I believe x509 certs are tied to a particular user. Could it be invalid because in the code you are accessing it as a different user than the one for which it was created?


Author: Baywatch

Updated on April 19, 2022

Comments

  • Baywatch, almost 2 years ago

    I have a given certificate installed on my server. That certificate has valid dates, and seems perfectly valid in the Windows certificates MMC snap-in.

    However, when I try to read the certificate, in order to use it in an HttpRequest, I can't find it. Here is the code used:

        using System.Security.Cryptography.X509Certificates;

        X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        // validOnly = true: only certificates that pass chain validation are returned
        X509Certificate2Collection col =
            store.Certificates.Find(X509FindType.FindBySerialNumber, "xxx", true);
    

    xxx is the serial number; the argument true means "only valid certificates". The returned collection is empty.

    The strange thing is that if I pass false, indicating invalid certificates are acceptable, the collection contains one element—the certificate with the specified serial number.

    In conclusion: the certificate appears valid, but the Find method treats it as invalid! Why?

  • Baywatch, over 15 years ago

    The chain certificates are present, but somehow were not accessible to this user. I used this sample code from MSDN to check the chain status: tinyurl.com/4wfnng . This code returns different status depending on the user. I will try to reinstall the certificates. Thanks.