X509Certificate Class

Represents a digital certificate. Certificates are used to authenticate the identity of a public key owner.

Namespace: System

Assembly: System.Net.Primitives.dll (in .NET Core and .NET 5+)

Assembly: System.Security.Cryptography.X509Certificates.dll (in .NET Framework)

Syntax

public class X509Certificate : object

Introduction

The X509Certificate class is a fundamental component in .NET for managing and working with X.509 digital certificates. These certificates are crucial for establishing secure communication channels, verifying the identity of servers and clients, and enabling digital signatures. This class provides methods and properties to access various aspects of a certificate, such as its subject name, issuer name, public key, and validity period.

Constructors

The X509Certificate class has several constructors to create certificate objects:

X509Certificate()

Initializes a new instance of the X509Certificate class.

X509Certificate(byte[] data)

Initializes a new instance of the X509Certificate class using the specified byte array containing the certificate.

Parameters

Name    Type      Description
data    byte[]    A byte array that contains the certificate.

X509Certificate(string fileName)

Initializes a new instance of the X509Certificate class using the specified file name.

Parameters

Name        Type      Description
fileName    string    The name of the file containing the certificate.

Properties

The X509Certificate class exposes several properties to retrieve information about the certificate:

Issuer

Gets the name of the entity that issued the certificate.

Type: string

Subject

Gets the name of the entity that the certificate identifies.

Type: string

PublicKey

Gets the public key associated with the certificate.

Type: AsymmetricKey

Methods

The X509Certificate class provides methods for various operations:

Export(X509ContentType contentType)

Exports the certificate in the specified format.

Parameters

Name           Type               Description
contentType    X509ContentType    The type of content to export.

Returns

A byte array containing the exported certificate.

GetCertHash()

Returns the hash of the certificate.

Returns

A byte array containing the hash of the certificate.

Example

Loading and Displaying Certificate Information

using System;
using System.Security.Cryptography.X509Certificates;

public class CertificateExample
{
    public static void Main(string[] args)
    {
        try
        {
            // Replace with the actual path to your certificate file
            string certificatePath = "path/to/your/certificate.cer";

            // X509Certificate2 derives from X509Certificate and adds NotBefore,
            // NotAfter and Thumbprint. It holds native resources, so dispose it.
            using (X509Certificate2 cert = new X509Certificate2(certificatePath))
            {
                Console.WriteLine($"Subject: {cert.Subject}");
                Console.WriteLine($"Issuer: {cert.Issuer}");
                Console.WriteLine($"Valid From: {cert.NotBefore}");
                Console.WriteLine($"Valid To: {cert.NotAfter}");
                Console.WriteLine($"Thumbprint: {cert.Thumbprint}");

                // You can also export the certificate. If the source file holds no
                // private key (as a .cer does), the PFX contains only the certificate.
                // The password is a placeholder: read a real one from a secret store,
                // not from source code.
                byte[] pfxBytes = cert.Export(X509ContentType.Pfx, "your_pfx_password");
                Console.WriteLine($"Certificate exported as PFX (length: {pfxBytes.Length})");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }
}

Using X509Certificate with SslStream

using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public class SslClientExample
{
    public static void Main(string[] args)
    {
        try
        {
            // using blocks close the stream and the socket even if an exception is thrown
            using (TcpClient client = new TcpClient("www.example.com", 443))
            using (SslStream sslStream = new SslStream(client.GetStream(), false))
            {
                // Load a client certificate if needed for mutual authentication
                // (read the PFX password from a secret store rather than hardcoding it)
                // X509Certificate2 clientCertificate = new X509Certificate2("client.pfx", "password");
                // var clientCertificates = new X509CertificateCollection { clientCertificate };

                // Authenticate as a client. With no validation callback supplied, the
                // server certificate is checked by the default validation against this host name.
                // The mutual-authentication overload takes a certificate collection
                // (SslProtocols requires "using System.Security.Authentication;"):
                // sslStream.AuthenticateAsClient("www.example.com", clientCertificates,
                //     SslProtocols.Tls12, checkCertificateRevocation: true);
                sslStream.AuthenticateAsClient("www.example.com");

                Console.WriteLine("SSL/TLS connection established.");

                // Example: Sending a request
                byte[] requestBytes = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\nHost: www.example.com\r\nConnection: close\r\n\r\n");
                sslStream.Write(requestBytes);
                sslStream.Flush();

                // Example: Reading the response (a single read, so at most the first 2048 bytes)
                byte[] buffer = new byte[2048];
                int bytesRead = sslStream.Read(buffer, 0, buffer.Length);
                string response = Encoding.UTF8.GetString(buffer, 0, bytesRead);
                Console.WriteLine("Response received:");
                Console.WriteLine(response);
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }
}
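
The Export, X509Certificate(byte[] data) and GetCertHash members described above, used together in an added example that is not code from the original page. It assumes .NET 5 or later; the self-signed certificates are constructed in memory as sample input, and MatchesFingerprint is a hypothetical helper name.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CertificateFingerprintExample
{
    // Hypothetical helper: compares the certificate's SHA-256 hash with an expected
    // value in constant time, so the comparison does not leak where the bytes differ.
    public static bool MatchesFingerprint(X509Certificate cert, byte[] expectedSha256)
    {
        byte[] actual = cert.GetCertHash(HashAlgorithmName.SHA256);
        return CryptographicOperations.FixedTimeEquals(actual, expectedSha256);
    }

    // Constructed sample input: a throwaway self-signed certificate, so no file is needed.
    private static X509Certificate2 CreateSample(string subject)
    {
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest(subject, key, HashAlgorithmName.SHA256);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        return request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(1));
    }

    public static void Main()
    {
        using X509Certificate2 original = CreateSample("CN=constructed-sample.example");
        using X509Certificate2 other = CreateSample("CN=constructed-other.example");

        // X509ContentType.Cert exports only the DER-encoded certificate, never the private key.
        byte[] der = original.Export(X509ContentType.Cert);

        // Reload through the byte[] constructor and read the base-class properties.
        // (On .NET 9+ this constructor raises obsoletion warning SYSLIB0057.)
        using var reloaded = new X509Certificate(der);
        Console.WriteLine($"Subject: {reloaded.Subject}");
        Console.WriteLine($"Issuer:  {reloaded.Issuer}"); // self-signed: same name as the subject

        // GetCertHash() with no argument returns the SHA-1 hash (20 bytes);
        // ask for SHA-256 explicitly when the hash is used to identify a certificate.
        Console.WriteLine($"SHA-1 hash length: {reloaded.GetCertHash().Length}");
        byte[] expected = SHA256.HashData(der); // the fingerprint is the hash of the DER bytes
        Console.WriteLine($"SHA-256: {Convert.ToHexString(expected)}");

        Console.WriteLine($"Reloaded copy matches: {MatchesFingerprint(reloaded, expected)}");
        Console.WriteLine($"Other cert matches:    {MatchesFingerprint(other, expected)}");
    }
}
```

A matching fingerprint only shows that two certificates are byte-for-byte the same; it says nothing about chain trust, validity period or revocation.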

Related Topics