This class is used to resolve certificate chains for TLS/SSL connections.
It provides methods for retrieving trusted root certificates and intermediate certificates required to establish a secure connection.
The `CertificateResolution` class is an abstract base class that must be implemented by specific providers to handle different certificate resolution mechanisms.
Remarks
When a client or server validates a certificate presented during a TLS/SSL handshake, it must build a chain of trust back to a trusted root certificate. This involves finding any missing intermediate certificates that link the end-entity certificate to a root certificate present in the system's trusted root store.
The `CertificateResolution` class defines the contract for services that can perform this crucial step in certificate validation. Implementations of this class can leverage various sources for obtaining certificates, such as:
- Local certificate stores
- Remote certificate authorities (CAs) via protocols like OCSP or CMP
- Custom certificate retrieval logic
The .NET Framework provides a default implementation that typically uses the system's certificate store. However, for advanced scenarios or custom trust models, developers can create their own `CertificateResolution` providers.
Syntax
public abstract class CertificateResolution
Inheritance Hierarchy
Methods
GetRootCertificates()
Retrieves the collection of trusted root certificates.
Returns: An enumerable collection of X509Certificate2 objects representing the trusted root certificates.
ResolveIntermediateCertificates(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
Resolves the intermediate certificates required to build a valid chain for the given certificate.
Parameters:
certificate: The end-entity certificate for which to resolve intermediate certificates.
Returns: An enumerable collection of X509Certificate2 objects representing the intermediate certificates.
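The following provider is an added example, not code from the .NET documentation. It pins its own roots and resolves intermediates from a fixed local pool, then validates with only those certificates. Assumptions: the stand-in base class reproduces the two members listed above with `IEnumerable<X509Certificate2>` return types; `PinnedCertificateResolution`, `IssuedBy` and `Validate` are hypothetical names; `Validate` relies on `X509ChainTrustMode.CustomRootTrust` and `DisableCertificateDownloads`, which require .NET 5 or later.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Stand-in for the contract documented on this page. ASSUMPTION: IEnumerable<X509Certificate2> returns.
public abstract class CertificateResolution
{
    public abstract IEnumerable<X509Certificate2> GetRootCertificates();
    public abstract IEnumerable<X509Certificate2> ResolveIntermediateCertificates(X509Certificate2 certificate);
}

// Hypothetical provider: trusts only the roots it is given and resolves
// intermediates from a fixed local pool (no network retrieval).
public sealed class PinnedCertificateResolution : CertificateResolution
{
    private const int MaxDepth = 8; // bounds the walk if the pool contains a cross-signing loop
    private readonly X509Certificate2[] _roots, _pool;
    public PinnedCertificateResolution(IEnumerable<X509Certificate2> roots, IEnumerable<X509Certificate2> pool)
    { _roots = roots.ToArray(); _pool = pool.ToArray(); }

    public override IEnumerable<X509Certificate2> GetRootCertificates() => _roots;

    public override IEnumerable<X509Certificate2> ResolveIntermediateCertificates(X509Certificate2 certificate)
    {
        var found = new List<X509Certificate2>();
        var current = certificate;
        for (int depth = 0; depth < MaxDepth; depth++)
        {
            // Stop once the issuer name matches a pinned root: the path is complete.
            if (_roots.Any(r => IssuedBy(current, r))) break;
            // Candidates are selected by name only; signatures are verified later by X509Chain.
            var next = _pool.FirstOrDefault(c => IssuedBy(current, c) && !found.Contains(c));
            if (next is null) break; // gap in the pool: chain building will then fail
            found.Add(next);
            current = next;
        }
        return found;
    }

    private static bool IssuedBy(X509Certificate2 cert, X509Certificate2 issuer) => cert.IssuerName.RawData.SequenceEqual(issuer.SubjectName.RawData);

    // Validates 'leaf' using only this provider's roots and intermediates.
    public bool Validate(X509Certificate2 leaf)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; // ignore the system root store
        chain.ChainPolicy.CustomTrustStore.AddRange(_roots);
        chain.ChainPolicy.ExtraStore.AddRange(ResolveIntermediateCertificates(leaf).ToArray());
        chain.ChainPolicy.DisableCertificateDownloads = true; // do not fetch missing issuers over the network
        return chain.Build(leaf);
    }
}
```

Revocation checking is left at the `X509ChainPolicy` default, so `Validate` returns false when revocation status cannot be determined.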
Requirements
Namespace: System.Net.Security
Assembly: System.Net.dll