Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am using smart card to authenticate the user. I have a authentication service (SecurityTokenService) which handles the authentication logic on the server.
I am using X509Certificate2.Verify() to validate the certificate. Since this API can check if the certificate is valid/revoked by going online and contacting Certification Authority (CA), do I need root certificate on the server?
Can we avoid having root certificate on our local computer? Or root certificate is always mandatory?
I tried a few things and here are the observations:
First of all
X509Certificate2.Verify()does not check if all the certificates in chain are revoked. From this post I came to know that Verify method internally uses Crypt32 CertVerifyCertificateChainPolicy function. The documentation for it says that it does not perform certificate revocation checking. In short, the Verify method just checks if the certificate for which it’s called, is revoked or not.Regarding root certificate :
X509Certificate2.Verify()and root cert is absent, then the method will outrightly returnfalse. So with this method root certificate is absolutely required.Hope this helps someone who wants to know a little more about certificate validation in C#.