This topic describes the PublicSuffix property of the X509Certificate2 class, which retrieves the public suffix of the domain name associated with the certificate.
The Public Suffix List (PSL) is a list of public suffixes maintained by Mozilla. It is used to determine the registrable domain of a hostname, which is important for various privacy and security features like cookie isolation.
The PublicSuffix property returns a string representing the public suffix of the certificate's domain name. If the domain name is not found in the Public Suffix List or if it's an IP address, an empty string is returned.
    public string PublicSuffix { get; }
This property is particularly useful when dealing with wildcard certificates or when you need to identify the public suffix (the effective top-level domain) of a host for security or policy enforcement.
For example, if a certificate is issued for *.example.co.uk, the PublicSuffix property would return co.uk. If the certificate is for www.google.com, it would return com.
The following C# code example demonstrates how to retrieve the public suffix from an X509Certificate2 object.
    using System;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;

    public class Example
    {
        public static void Main(string[] args)
        {
            // Assume 'certificate' is an X509Certificate2 object loaded from a file or store
            X509Certificate2 certificate = new X509Certificate2("path/to/your/certificate.cer");
            string publicSuffix = certificate.PublicSuffix;

            if (!string.IsNullOrEmpty(publicSuffix))
            {
                Console.WriteLine("Public Suffix: " + publicSuffix);
            }
            else
            {
                Console.WriteLine("Could not determine a public suffix for this certificate.");
            }
        }
    }
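As an added example (not from the original page and not part of the .NET API), the following self-contained sketch shows the Public Suffix List matching described above, including wildcard and exception rules, together with a policy check that flags wildcard names placed directly on a public suffix. The rule subset, the sample names, and the names PslExample, GetPublicSuffix and IsOverbroadWildcard are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

public static class PslExample
{
    // Constructed subset of PSL rules for illustration; the real list is far larger.
    static readonly HashSet<string> Rules =
        new HashSet<string> { "com", "uk", "co.uk", "*.ck", "!www.ck" };

    // Public suffix by PSL matching: exception rules first, then the longest
    // exact or wildcard rule. Returns "" for IP addresses and unmatched names,
    // mirroring the behaviour described above (the PSL algorithm itself would
    // fall back to the last label when no rule matches).
    public static string GetPublicSuffix(string host)
    {
        if (IPAddress.TryParse(host, out _)) return "";
        string[] labels = host.TrimEnd('.').ToLowerInvariant().Split('.');
        for (int i = 0; i < labels.Length; i++) // longest candidate first
        {
            int rest = labels.Length - i - 1;
            string candidate = string.Join(".", labels, i, rest + 1);
            string parent = string.Join(".", labels, i + 1, rest);
            if (Rules.Contains("!" + candidate)) return parent; // exception rule
            if (Rules.Contains(candidate)) return candidate;    // exact rule
            if (rest > 0 && Rules.Contains("*." + parent)) return candidate; // wildcard rule
        }
        return "";
    }

    // True when a wildcard name sits directly on a public suffix (e.g. "*.co.uk"),
    // so it would cover every registrant under that suffix.
    public static bool IsOverbroadWildcard(string dnsName)
    {
        if (!dnsName.StartsWith("*.", StringComparison.Ordinal)) return false;
        string parent = dnsName.Substring(2).TrimEnd('.').ToLowerInvariant();
        return parent.Length > 0 && GetPublicSuffix(parent) == parent;
    }

    public static void Main()
    {
        // Constructed sample names, as they might appear among a certificate's DNS names.
        foreach (string name in new[] { "*.example.co.uk", "www.google.com", "*.co.uk", "*.www.ck", "*.shop.ck", "192.0.2.10" })
        {
            string host = name.StartsWith("*.", StringComparison.Ordinal) ? name.Substring(2) : name;
            Console.WriteLine($"{name}: suffix='{GetPublicSuffix(host)}' overbroad={IsOverbroadWildcard(name)}");
        }
    }
}
```

With the constructed rules, `*.co.uk` and `*.shop.ck` are flagged as overbroad, while `*.www.ck` is not, because the exception rule `!www.ck` makes `www.ck` a registrable domain.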