CertificatePolicy Class
Assembly: System (in System.dll)
Represents a policy that defines how certificate validation is performed for secure network connections. This class is typically used to customize the behavior of SSL/TLS connections when specific certificate validation requirements need to be enforced or bypassed.
Syntax
[System.Security.SecurityCritical]
public sealed class CertificatePolicy
Remarks
The CertificatePolicy class provides a mechanism to control the validation of X.509 certificates
used in secure network communications, such as those established using SSL/TLS. In .NET Framework versions prior to 4.5,
developers could implement custom certificate validation logic by providing a delegate to the
System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors event or by setting a custom
System.Net.Security.ICertificatePolicy.
Starting with .NET Framework 4.5, the CertificatePolicy class is considered obsolete for new development.
It is recommended to use the more modern and flexible approaches provided by
System.Net.Security.SslClientAuthenticationOptions.RemoteCertificateValidationCallback for client-side
SSL/TLS connections. This callback allows for fine-grained control over certificate validation on a per-connection basis.
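The per-connection callback recommended above, as an added example (not code from this reference page). It assumes .NET 5 or later; the `StrictTlsClient` class, its method names and the `PinnedSha256` placeholder are hypothetical. The callback fails closed: it accepts a certificate only when the platform reported no policy errors and the certificate hash matches the pin.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

static class StrictTlsClient
{
    // Hypothetical pin: SHA-256 of the expected server certificate, as hex.
    // Placeholder value; until it is replaced, every connection is rejected.
    const string PinnedSha256 = "<SHA256-HEX-OF-EXPECTED-CERTIFICATE>";

    // Accept only when the platform found no errors AND the pin matches.
    public static bool Validate(object sender, X509Certificate? certificate,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        if (certificate is null || errors != SslPolicyErrors.None)
        {
            // Record why the handshake was refused so it can be triaged later.
            Console.Error.WriteLine($"TLS rejected: {errors}");
            if (chain is not null)
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.Error.WriteLine($"  chain: {s.Status} {s.StatusInformation}");
            return false;
        }
        byte[] hash = certificate.GetCertHash(HashAlgorithmName.SHA256);
        string actual = BitConverter.ToString(hash).Replace("-", "");
        return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    public static async Task<SslStream> ConnectAsync(string host, int port)
    {
        var tcp = new TcpClient();
        await tcp.ConnectAsync(host, port);
        var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
        var options = new SslClientAuthenticationOptions
        {
            TargetHost = host, // name the certificate is checked against
            CertificateRevocationCheckMode = X509RevocationMode.Online,
            RemoteCertificateValidationCallback = Validate,
        };
        // A false return from Validate surfaces here as AuthenticationException.
        try { await ssl.AuthenticateAsClientAsync(options, CancellationToken.None); }
        catch { ssl.Dispose(); throw; }
        return ssl;
    }
}
```

A callback that returns true without inspecting `errors` disables name, chain and expiry checks for that connection, so the `errors != SslPolicyErrors.None` branch is the part to keep when adapting this.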
Constructors
| Name | Description |
|---|---|
| CertificatePolicy() | Initializes a new instance of the CertificatePolicy class. |
Methods
| Name | Description |
|---|---|
| SatisfyModulusEquality(X509Certificate, X509Certificate) | Determines whether the modulus of two certificates is equal. This method is used internally for certificate comparison. |
| SatisfyRemoteCertChainPolicy(string, X509Certificate, X509Chain, System.Net.Security.SslPolicyErrors) | Evaluates the validity of a remote certificate based on the specified criteria. This method is called by the .NET Framework to validate server certificates. |
Methods
SatisfyModulusEquality
public static bool SatisfyModulusEquality(X509Certificate cert1, X509Certificate cert2)
Parameters:
cert1: The first X.509 certificate to compare.
cert2: The second X.509 certificate to compare.
Returns: true if the modulus of cert1 is equal to the modulus of cert2; otherwise, false.
SatisfyRemoteCertChainPolicy
public static bool SatisfyRemoteCertChainPolicy(string hostName, X509Certificate certificate, X509Chain chain, System.Net.Security.SslPolicyErrors errors)
Parameters:
hostName: The host name of the server.
certificate: The remote certificate that was received from the server.
chain: The X.509 certificate chain associated with the remote certificate.
errors: A bitwise combination of the enumeration values that specifies the errors encountered when validating the remote certificate.
Returns: true if the certificate validation policy is satisfied; otherwise, false.