X509Certificate2 Class
Represents an X.509 certificate.
Namespace: System.Net.Security
Assembly: System.Security.Cryptography.X509Certificates.dll
Syntax
public sealed class X509Certificate2 : X509Certificate, System.Runtime.Serialization.ISerializable
Methods
Constructors
public X509Certificate2(byte[] rawData)
Initializes a new instance of the X509Certificate2 class by using the specified array of bytes.
public X509Certificate2(string fileName)
Initializes a new instance of the X509Certificate2 class by using the specified file name.
public X509Certificate2(string fileName, string password)
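Initializes a new instance of the X509Certificate2 class by using the specified file name and password. The password protects the private key stored in the file, so supply it at run time from a protected source rather than embedding it in source code.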
Properties
public string Arch { get; }
Gets the processor architecture associated with the certificate.
public string DnsNameString { get; }
Gets the DNS name associated with the certificate.
public bool HasPrivateKey { get; }
Gets a value that indicates whether the certificate has a private key.
public string Issuer { get; }
Gets the issuer of the X.509 v.3 certificate.
public DateTime NotAfter { get; }
Gets the date and time when the certificate expires.
public DateTime NotBefore { get; }
Gets the date and time when the certificate becomes valid.
public AsymmetricAlgorithm PrivateKey { get; }
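Gets the private key associated with the certificate. In current .NET versions this property is marked obsolete; the algorithm-specific methods such as GetRSAPrivateKey() and GetECDsaPrivateKey() are the recommended way to obtain the key.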
public string Subject { get; }
Gets the subject of the X.509 v.3 certificate.
public string Thumbprint { get; }
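Gets the thumbprint of the X.509 certificate. The thumbprint is a SHA-1 hash of the encoded certificate; it identifies a certificate but does not by itself show that the certificate is trusted or still valid.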
Methods
public bool Verify()
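Verifies the X.509 certificate by performing chain validation with the basic validation policy, and returns true if validation succeeds. It does not check that the certificate matches an expected host name or intended usage; callers that need those checks must perform them separately.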
public bool Verify(X509Chain chain)
Verifies the X.509 certificate by using the specified certificate chain.
Remarks
The X509Certificate2 class represents an X.509 certificate, which is a digital certificate that uses the public key cryptography standards to bind together a public key with an identity. This identity can be a person, a computer, an organization, or any other entity.
X509Certificate2 objects are commonly used to authenticate the identity of an application, a server, or a client, especially in secure communication protocols like SSL/TLS.
Examples
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
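/// <summary>
/// Demonstrates loading a password-protected certificate file and printing
/// its identifying fields.
/// </summary>
public class CertificateExample
{
    /// <summary>
    /// Loads <c>mycertificate.pfx</c>, writes its subject, issuer, thumbprint,
    /// validity window and private-key flag to the console, and reports any
    /// failure on the console instead of letting it propagate.
    /// </summary>
    /// <param name="args">Command-line arguments (unused).</param>
    public static void Main(string[] args)
    {
        try
        {
            // Load a certificate from a file
            string certificatePath = "mycertificate.pfx";

            // The password protects the private key inside the file, so it is read
            // at run time instead of being hard-coded. "CERTIFICATE_PASSWORD" is an
            // example variable name chosen for this sample; the value is null when
            // the variable is not set.
            var certificatePassword = Environment.GetEnvironmentVariable("CERTIFICATE_PASSWORD");

            // X509Certificate2 is IDisposable; the using block releases the
            // underlying certificate resources as soon as the example is done.
            using (X509Certificate2 certificate = new X509Certificate2(certificatePath, certificatePassword))
            {
                Console.WriteLine($"Subject: {certificate.Subject}");
                Console.WriteLine($"Issuer: {certificate.Issuer}");
                Console.WriteLine($"Thumbprint: {certificate.Thumbprint}");
                Console.WriteLine($"Valid from: {certificate.NotBefore}");
                Console.WriteLine($"Expires on: {certificate.NotAfter}");
                Console.WriteLine($"Has Private Key: {certificate.HasPrivateKey}");

                // You can also use it in an SslStream
                // Example: NegotiateClientAuthentication(stream, certificate);
            }
        }
        catch (Exception ex)
        {
            // Demo-level handling: report the failure and exit normally.
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }

    // Placeholder for an example using SslStream
    // public static void NegotiateClientAuthentication(System.IO.Stream stream, X509Certificate2 clientCertificate)
    // {
    //     SslStream sslStream = new SslStream(stream, false,
    //         new RemoteCertificateValidationCallback(ValidateServerCertificate),
    //         new LocalCertificateSelectionCallback(SelectClientCertificate));
    //
    //     // ... further SSL/TLS handshake logic ...
    // }
    //
    // public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    // {
    //     // Accept the server certificate only when the platform reported no policy
    //     // errors (chain, name match, availability). Returning true unconditionally
    //     // would accept any certificate and remove server authentication from the
    //     // TLS connection.
    //     return sslPolicyErrors == SslPolicyErrors.None;
    // }
    //
    // public static X509Certificate SelectClientCertificate(object sender, string targetHost, X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
    // {
    //     // Select the appropriate client certificate from the collection;
    //     // return null when none is available instead of indexing an empty collection.
    //     if (localCertificates == null || localCertificates.Count == 0)
    //     {
    //         return null;
    //     }
    //     return localCertificates[0];
    // }
}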
Exceptions
- ArgumentException: The certificate file cannot be found or is corrupted.
- CryptographicException: An error occurred during cryptographic operations.
- PKCSException: The password provided for decrypting the certificate is incorrect.