How can I retrieve X509 CERT_TRUST_STATUS with .net? RRS feed

  • Question

  • Hello
    I'm writing a program w/VS 2008 & C# where part of the goal is to check local machine certificates verify the certificates, collect properties and ensure they are not about to expire, etc...

    We were previously doing this using certutil and vbscript, and just parsing the output.

    However, I'd like to do this using a .net program. I have no problem opening the certificate collection using x509Certificate2collection and iterating the properties of the certificates. However, I can't seem to find where I can get the dwerrorstatus & dwinfostatus flags, which apparently resides in the CERT_TRUST_STATUS structure. I've seen many references to capicom, wincrypt, but I'd like to do it without those if possible.

    <> This link has the info I'm looking to get.

    I've passed the certificate to the following:

         private void chainStat(X509Chain ch, X509Certificate2 x509)
          ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
          ch.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
          ch.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(1000);
          ch.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
          ch.ChainPolicy.VerificationTime = DateTime.Now;

    Assuming the info might be somewhere in ch, but I can't find it.

    So is there a way to get the info through .net or will I have to do a dllimport with capicom? I can use up to .net Framework 3.5.

    Any help, or pointers in the right direction would be greatly appreciated!

    Thanks in advance.

    • Edited by bmack500 Tuesday, June 1, 2010 8:35 PM Edit
    Tuesday, June 1, 2010 8:20 PM

All replies

  • Hi,


    Every .cert file has public key. so use that public key for ceritificate validation.

    store public key in Config file and if it matches with  X509Certificate object



    Tuesday, September 14, 2010 12:39 PM