System.Security.Cryptography.X509Certificates Provides a wrapper class that represents the handle of an X.509 chain object. For more information, see . Specifies the way to open the X.509 certificate store. Open the X.509 certificate store and include archived certificates. Open the X.509 certificate store for the highest access allowed. Opens only existing stores; if no store exists, the method will not create a new store. Open the X.509 certificate store for reading only. Open the X.509 certificate store for both reading and writing. Represents a certificate's public key information. This class cannot be inherited. Initializes a new instance of the class using an object identifier (OID) object of the public key, an ASN.1-encoded representation of the public key parameters, and an ASN.1-encoded representation of the public key value. An object identifier (OID) object that represents the public key. An ASN.1-encoded representation of the public key parameters. An ASN.1-encoded representation of the public key value. Gets the ASN.1-encoded representation of the public key value. The ASN.1-encoded representation of the public key value. Gets the ASN.1-encoded representation of the public key parameters. The ASN.1-encoded representation of the public key parameters. Gets an or object representing the public key. An object representing the public key. The key algorithm is not supported. Gets an object identifier (OID) object of the public key. An object identifier (OID) object of the public key. Specifies the location of the X.509 certificate store. The X.509 certificate store used by the current user. The X.509 certificate store assigned to the local machine. Specifies the name of the X.509 certificate store to open. The X.509 certificate store for other users. The X.509 certificate store for third-party certificate authorities (CAs). The X.509 certificate store for intermediate certificate authorities (CAs). The X.509 certificate store for revoked certificates. 
The X.509 certificate store for personal certificates. The X.509 certificate store for trusted root certificate authorities (CAs). The X.509 certificate store for directly trusted people and resources. The X.509 certificate store for directly trusted publishers. Represents the distinguished name of an X509 certificate. This class cannot be inherited. Initializes a new instance of the class using information from the specified byte array. A byte array that contains distinguished name information. Initializes a new instance of the class using the specified object. An object that represents the distinguished name. Initializes a new instance of the class using the specified object. An object. Initializes a new instance of the class using information from the specified string. A string that represents the distinguished name. Initializes a new instance of the class using the specified string and flag. A string that represents the distinguished name. A bitwise combination of the enumeration values that specify the characteristics of the distinguished name. Decodes a distinguished name using the characteristics specified by the parameter. The decoded distinguished name. A bitwise combination of the enumeration values that specify the characteristics of the distinguished name. The certificate has an invalid name. Returns a formatted version of an X500 distinguished name for printing or for output to a text window or to a console. A formatted string that represents the X500 distinguished name. true if the return string should contain carriage returns; otherwise, false. Gets the comma-delimited distinguished name from an X500 certificate. The comma-delimited distinguished name of the X509 certificate. Specifies characteristics of the X.500 distinguished name. The distinguished name does not use the plus sign. The distinguished name does not use quotation marks. Forces the distinguished name to encode specific X.500 keys as UTF-8 strings rather than printable Unicode strings. 
For more information and the list of X.500 keys affected, see the X500NameFlags enumeration. The distinguished name has no special characteristics. The distinguished name is reversed. The distinguished name uses commas. The distinguished name uses the new line character. The distinguished name uses semicolons. The distinguished name uses T61 encoding. The distinguished name uses UTF8 encoding instead of Unicode character encoding. Defines the constraints set on a certificate. This class cannot be inherited. Initializes a new instance of the class. Initializes a new instance of the class. Parameters specify a value that indicates whether a certificate is a certificate authority (CA) certificate, a value that indicates whether the certificate has a restriction on the number of path levels it allows, the number of levels allowed in a certificate's path, and a value that indicates whether the extension is critical. true if the certificate is a certificate authority (CA) certificate; otherwise, false. true if the certificate has a restriction on the number of path levels it allows; otherwise, false. The number of levels allowed in a certificate's path. true if the extension is critical; otherwise, false. Initializes a new instance of the class using an object and a value that identifies whether the extension is critical. The encoded data to use to create the extension. true if the extension is critical; otherwise, false. Gets a value indicating whether a certificate is a certificate authority (CA) certificate. true if the certificate is a certificate authority (CA) certificate, otherwise, false. Initializes a new instance of the class using an object. The encoded data to use to create the extension. Gets a value indicating whether a certificate has a restriction on the number of path levels it allows. true if the certificate has a restriction on the number of path levels it allows, otherwise, false. The extension cannot be decoded. 
Gets the number of levels allowed in a certificate's path. An integer indicating the number of levels allowed in a certificate's path. The extension cannot be decoded. Provides methods that help you use X.509 v.3 certificates. Initializes a new instance of the class. Initializes a new instance of the class defined from a sequence of bytes representing an X.509v3 certificate. A byte array containing data from an X.509 certificate. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. The parameter is null. -or- The length of the parameter is 0. Initializes a new instance of the class using a byte array and a password. A byte array containing data from an X.509 certificate. The password required to access the X.509 certificate data. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. The parameter is null. -or- The length of the parameter is 0. Initializes a new instance of the class using a byte array, a password, and a key storage flag. A byte array containing data from an X.509 certificate. The password required to access the X.509 certificate data. A bitwise combination of the enumeration values that control where and how to import the certificate. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. The parameter is null. -or- The length of the parameter is 0. [SECURITY CRITICAL] Initializes a new instance of the class using a handle to an unmanaged PCCERT_CONTEXT structure. A handle to an unmanaged PCCERT_CONTEXT structure. Initializes a new instance of the class using the name of a PKCS7 signed file. The name of a PKCS7 signed file. An error with the certificate occurs. 
For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. The parameter is null. Initializes a new instance of the class using the name of a PKCS7 signed file and a password to access the certificate. The name of a PKCS7 signed file. The password required to access the X.509 certificate data. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. The parameter is null. Initializes a new instance of the class using the name of a PKCS7 signed file, a password to access the certificate, and a key storage flag. The name of a PKCS7 signed file. The password required to access the X.509 certificate data. A bitwise combination of the enumeration values that control where and how to import the certificate. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. The parameter is null. Releases all resources used by the current object. Releases all of the unmanaged resources used by this and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Compares two objects for equality. true if the current object is equal to the object specified by the parameter; otherwise, false. An object to compare to the current object. Compares two objects for equality. true if the current object is equal to the object specified by the parameter; otherwise, false. An object to compare to the current object. Exports the current object to a byte array in a format described by one of the values. An array of bytes that represents the current object. One of the values that describes how to format the output data. A value other than , , or was passed to the parameter. -or- The certificate could not be exported. 
Exports the current object to a byte array in a format described by one of the values, and using the specified password. An array of bytes that represents the current object. One of the values that describes how to format the output data. The password required to access the X.509 certificate data. A value other than , , or was passed to the parameter. -or- The certificate could not be exported. Returns the hash value for the X.509v3 certificate as an array of bytes. The hash value for the X.509 certificate. Returns the name of the format of this X.509v3 certificate. The format of this X.509 certificate. Returns the hash code for the X.509v3 certificate as an integer. The hash code for the X.509 certificate as an integer. Returns the key algorithm information for this X.509v3 certificate as a string. The key algorithm information for this X.509 certificate as a string. The certificate context is invalid. Returns the key algorithm parameters for the X.509v3 certificate as an array of bytes. The key algorithm parameters for the X.509 certificate as an array of bytes. The certificate context is invalid. Returns the key algorithm parameters for the X.509v3 certificate as a hexadecimal string. The key algorithm parameters for the X.509 certificate as a hexadecimal string. The certificate context is invalid. Returns the public key for the X.509v3 certificate as an array of bytes. The public key for the X.509 certificate as an array of bytes. The certificate context is invalid. Returns the serial number of the X.509v3 certificate as an array of bytes. The serial number of the X.509 certificate as an array of bytes. The certificate context is invalid. [SECURITY CRITICAL] Gets a handle to a Microsoft Cryptographic API certificate context described by an unmanaged PCCERT_CONTEXT structure. An structure that represents an unmanaged PCCERT_CONTEXT structure. Gets the name of the certificate authority that issued the X.509v3 certificate. 
The name of the certificate authority that issued the X.509v3 certificate. The certificate handle is invalid. Gets the subject distinguished name from the certificate. The subject distinguished name from the certificate. The certificate handle is invalid. Returns a string representation of the current object. A string representation of the current object. Returns a string representation of the current object, with extra information, if specified. A string representation of the current object. true to produce the verbose form of the string representation; otherwise, false. Represents an X.509 certificate. Initializes a new instance of the class. Initializes a new instance of the class using information from a byte array. A byte array containing data from an X.509 certificate. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Initializes a new instance of the class using a byte array and a password. A byte array containing data from an X.509 certificate. The password required to access the X.509 certificate data. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Initializes a new instance of the class using a byte array, a password, and a key storage flag. A byte array containing data from an X.509 certificate. The password required to access the X.509 certificate data. A bitwise combination of the enumeration values that control where and how to import the certificate. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Initializes a new instance of the class using an unmanaged handle. A pointer to a certificate context in unmanaged code. The C structure is called PCCERT_CONTEXT. An error with the certificate occurs. 
For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Initializes a new instance of the class using a certificate file name. The name of a certificate file. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Initializes a new instance of the class using a certificate file name and a password used to access the certificate. The name of a certificate file. The password required to access the X.509 certificate data. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Initializes a new instance of the class using a certificate file name, a password used to access the certificate, and a key storage flag. The name of a certificate file. The password required to access the X.509 certificate data. A bitwise combination of the enumeration values that control where and how to import the certificate. An error with the certificate occurs. For example: The certificate file does not exist. The certificate is invalid. The certificate's password is incorrect. Gets or sets a value indicating that an X.509 certificate is archived. true if the certificate is archived, false if the certificate is not archived. The certificate is unreadable. Gets a collection of objects. An object. The certificate is unreadable. Gets or sets the associated alias for a certificate. The certificate's friendly name. The certificate is unreadable. Indicates the type of certificate contained in a byte array. An object. A byte array containing data from an X.509 certificate. has a zero length or is null. Indicates the type of certificate contained in a file. An object. The name of a certificate file. is null. Gets the subject and issuer names from a certificate. The name of the certificate. The value for the subject. 
true to include the issuer name; otherwise, false. Gets a value that indicates whether an object contains a private key. true if the object contains a private key; otherwise, false. The certificate context is invalid. Gets the distinguished name of the certificate issuer. An object that contains the name of the certificate issuer. The certificate context is invalid. Gets the date in local time after which a certificate is no longer valid. A object that represents the expiration date for the certificate. The certificate is unreadable. Gets the date in local time on which a certificate becomes valid. A object that represents the effective date of the certificate. The certificate is unreadable. Gets or sets the object that represents the private key associated with a certificate. An object, which is either an RSA or DSA cryptographic service provider. The key value is not an RSA or DSA key, or the key is unreadable. The value being set for this property is null. The key algorithm for this private key is not supported. The X.509 keys do not match. The cryptographic service provider key is null. Gets a object associated with a certificate. A object. The key value is not an RSA or DSA key, or the key is unreadable. Gets the raw data of a certificate. The raw data of the certificate as a byte array. Gets the serial number of a certificate. The serial number of the certificate. Gets the algorithm used to create the signature of a certificate. Returns the object identifier () of the signature algorithm. The certificate is unreadable. Gets the subject distinguished name from a certificate. An object that represents the name of the certificate subject. The certificate context is invalid. Gets the thumbprint of a certificate. The thumbprint of the certificate. Displays an X.509 certificate in text format. The certificate information. Displays an X.509 certificate in text format. The certificate information. 
true to display the public key, private key, extensions, and so forth; false to display information that is similar to the class, including thumbprint, serial number, subject and issuer names, and so on. Gets the X.509 format version of a certificate. The certificate format. The certificate is unreadable. Represents a collection of objects. This class cannot be inherited. Initializes a new instance of the class without any information. Initializes a new instance of the class using an object. An object to start the collection from. Initializes a new instance of the class using an array of objects. An array of objects. Initializes a new instance of the class using the specified certificate collection. An object. Adds an object to the end of the . The index at which the has been added. An X.509 certificate represented as an object. is null. Adds multiple objects in an array to the object. An array of objects. is null. Adds multiple objects in an object to another object. An object. is null. Determines whether the object contains a specific certificate. true if the contains the specified ; otherwise, false. The object to locate in the collection. is null. Exports X.509 certificate information into a byte array. X.509 certificate information in a byte array. A supported object. Exports X.509 certificate information into a byte array using a password. X.509 certificate information in a byte array. A supported object. A string used to protect the byte array. The certificate is unreadable, the content is invalid or, in the case of a certificate requiring a password, the private key could not be exported because the password provided was incorrect. Searches an object using the search criteria specified by the enumeration and the object. An object. One of the values. The search criteria as an object. true to allow only valid certificates to be returned from the search; otherwise, false. is invalid. Returns an enumerator that can iterate through a object. 
An object that can iterate through the object. Imports a certificate in the form of a byte array into a object. A byte array containing data from an X.509 certificate. Imports a certificate, in the form of a byte array that requires a password to access the certificate, into a object. A byte array containing data from an object. The password required to access the certificate information. A bitwise combination of the enumeration values that control how and where the certificate is imported. Imports a certificate file into a object. The name of the file containing the certificate information. Imports a certificate file that requires a password into a object. The name of the file containing the certificate information. The password required to access the certificate information. A bitwise combination of the enumeration values that control how and where the certificate is imported. Inserts an object into the object at the specified index. The zero-based index at which to insert . The object to insert. is less than zero. -or- is greater than the property. The collection is read-only. -or- The collection has a fixed size. is null. Gets or sets the element at the specified index. The element at the specified index. The zero-based index of the element to get or set. is less than zero. -or- is equal to or greater than the property. is null. Removes the first occurrence of a certificate from the object. The object to be removed from the object. is null. Removes multiple objects in an array from an object. An array of objects. is null. Removes multiple objects in an object from another object. An object. is null. Supports a simple iteration over a object. This class cannot be inherited. Gets the current element in the object. The current element in the object. The enumerator is positioned before the first element of the collection or after the last element. Advances the enumerator to the next element in the object. 
true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. The collection was modified after the enumerator was created. Sets the enumerator to its initial position, which is before the first element in the object. The collection was modified after the enumerator was created. For a description of this member, see . The current element in the object. The enumerator is positioned before the first element of the collection or after the last element. For a description of this member, see . true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. The collection was modified after the enumerator was created. For a description of this member, see . The collection was modified after the enumerator was created. Defines a collection that stores objects. Initializes a new instance of the class. Initializes a new instance of the class from an array of objects. The array of objects with which to initialize the new object. Initializes a new instance of the class from another . The with which to initialize the new object. Adds an with the specified value to the current . The index into the current at which the new was inserted. The to add to the current . Copies the elements of an array of type to the end of the current . The array of type containing the objects to add to the current . The parameter is null. Copies the elements of the specified to the end of the current . The containing the objects to add to the collection. The parameter is null. Gets a value indicating whether the current contains the specified . true if the is contained in this collection; otherwise, false. The to locate. Copies the values in the current to a one-dimensional instance at the specified index. The one-dimensional that is the destination of the values copied from . The index into to begin copying. 
The parameter is multidimensional. -or- The number of elements in the is greater than the available space between and the end of . The parameter is null. The parameter is less than the parameter's lower bound. Returns an enumerator that can iterate through the . An enumerator of the subelements of you can use to iterate through the collection. Builds a hash value based on all values contained in the current . A hash value based on all values contained in the current . Returns the index of the specified in the current . The index of the specified by the parameter in the , if found; otherwise, -1. The to locate. Inserts a into the current at the specified index. The zero-based index where should be inserted. The to insert. Gets or sets the entry at the specified index of the current . The at the specified index of the current . The zero-based index of the entry to locate in the current . The parameter is outside the valid range of indexes for the collection. Removes a specific from the current . The to remove from the current . The specified by the parameter is not found in the current . Enumerates the objects in an . Initializes a new instance of the class for the specified . The to enumerate. Gets the current in the . The current in the . The enumerator is positioned before the first element of the collection or after the last element. Advances the enumerator to the next element of the collection. true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. The collection was modified after the enumerator was instantiated. Sets the enumerator to its initial position, which is before the first element in the collection. The collection is modified after the enumerator is instantiated. For a description of this member, see . The current X.509 certificate object in the object. The enumerator is positioned before the first element of the collection or after the last element. 
For a description of this member, see . true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. The collection was modified after the enumerator was instantiated. For a description of this member, see . The collection was modified after the enumerator was instantiated. Represents a chain-building engine for certificates. Initializes a new instance of the class. Builds an X.509 chain using the policy specified in . true if the X.509 certificate is valid; otherwise, false. An object. The is not a valid certificate or is null. The is unreadable. Gets a collection of objects. An object. Gets or sets the to use when building an X.509 certificate chain. The object associated with this X.509 chain. The value being set for this property is null. Gets the status of each element in an object. An array of objects. Releases all of the resources used by this . Releases the unmanaged resources used by this , and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Gets a safe handle for this instance. Returns the . Represents an element of an X.509 chain. Gets the X.509 certificate at a particular chain element. An object. Gets the error status of the current X.509 certificate in a chain. An array of objects. Gets additional error information from an unmanaged certificate chain structure. A string representing the pwszExtendedErrorInfo member of the unmanaged CERT_CHAIN_ELEMENT structure in the Crypto API. Represents a collection of objects. This class cannot be inherited. Copies an object into an array, starting at the specified index. An array of objects. An integer representing the index value. The specified is less than zero, or greater than or equal to the length of the array. is null. plus the current count is greater than the length of the array. Gets the number of elements in the collection. 
An integer representing the number of elements in the collection. Gets an object that can be used to navigate through a collection of chain elements. An object. Gets a value indicating whether the collection of chain elements is synchronized. Always returns false. Gets the object at the specified index. An object. An integer value. is less than zero. is greater than or equal to the length of the collection. Gets an object that can be used to synchronize access to an object. A pointer reference to the current object. Copies an object into an array, starting at the specified index. An array to copy the object to. The index of at which to start copying. The specified is less than zero, or greater than or equal to the length of the array. is null. plus the current count is greater than the length of the array. Gets an object that can be used to navigate a collection of chain elements. An object. Supports a simple iteration over an . This class cannot be inherited. Gets the current element in the . The current element in the . The enumerator is positioned before the first element of the collection or after the last element. Advances the enumerator to the next element in the . true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. The collection was modified after the enumerator was created. Sets the enumerator to its initial position, which is before the first element in the . The collection was modified after the enumerator was created. Gets the current element in the . The current element in the . The enumerator is positioned before the first element of the collection or after the last element. Represents the chain policy to be applied when building an X509 certificate chain. This class cannot be inherited. Initializes a new instance of the class. Gets a collection of object identifiers (OIDs) specifying which application policies or enhanced key usages (EKUs) the certificate supports. 
An object. Gets a collection of object identifiers (OIDs) specifying which certificate policies the certificate supports. An object. Represents an additional collection of certificates that can be searched by the chaining engine when validating a certificate chain. An object. Resets the members to their default values. Gets or sets values for X509 revocation flags. An object. The value supplied is not a valid flag. Gets or sets values for X509 certificate revocation mode. An object. The value supplied is not a valid flag. Gets the time span that elapsed during online revocation verification or downloading the certificate revocation list (CRL). A object. Gets verification flags for the certificate. A value from the enumeration. The value supplied is not a valid flag. is the default value. The time that the certificate was verified expressed in local time. A object. Provides a simple structure for storing X509 chain status and error information. Specifies the status of the X509 chain. An value. Specifies a description of the value. A localizable string. Defines the status of an X509 chain. Specifies that the certificate trust list (CTL) contains an invalid signature. Specifies that the certificate trust list (CTL) is not valid because of an invalid time value, such as one that indicates that the CTL has expired. Specifies that the certificate trust list (CTL) is not valid for this use. Specifies that the X509 chain could not be built. Specifies that the X509 chain is invalid because a certificate has excluded a name constraint. Specifies that the certificate has an undefined name constraint. Specifies that the certificate has an impermissible name constraint. Specifies that the certificate does not have a supported name constraint or has a name constraint that is unsupported. Specifies that the X509 chain is invalid due to invalid basic constraints. Specifies that the X509 chain is invalid due to an invalid extension. 
Specifies that the X509 chain is invalid due to invalid name constraints. Specifies that the X509 chain is invalid due to invalid policy constraints. Specifies that the X509 chain has no errors. Specifies that there is no certificate policy extension in the certificate. This error would occur if a group policy has specified that all certificates must have a certificate policy. Specifies that the X509 chain is invalid due to an invalid certificate signature. Deprecated. Specifies that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested. Specifies that the X509 chain is not valid due to an invalid time value, such as a value that indicates an expired certificate. Specifies that the key usage is not valid. Specifies that the online certificate revocation list (CRL) the X509 chain relies on is currently offline. Specifies that the X509 chain could not be built up to the root certificate. Specifies that it is not possible to determine whether the certificate has been revoked. This can be due to the certificate revocation list (CRL) being offline or unavailable. Specifies that the X509 chain is invalid due to a revoked certificate. Specifies that the X509 chain is invalid due to an untrusted root certificate. Specifies the format of an X.509 certificate. An Authenticode X.509 certificate. A single X.509 certificate. A PFX-formatted certificate. The Pfx value is identical to the Pkcs12 value. A PKCS #12–formatted certificate. The Pkcs12 value is identical to the Pfx value. A PKCS #7–formatted certificate. A single serialized X.509 certificate. A serialized store. An unknown X.509 certificate. Defines the collection of object identifiers (OIDs) that indicates the applications that use the key. This class cannot be inherited. 
Initializes a new instance of the class. Initializes a new instance of the class using an object and a value that identifies whether the extension is critical. The encoded data to use to create the extension. true if the extension is critical; otherwise, false. Initializes a new instance of the class using an and a value that identifies whether the extension is critical. An collection. true if the extension is critical; otherwise, false. The specified contains one or more corrupt values. Initializes a new instance of the class using an object. The encoded data to use to create the extension. Gets the collection of object identifiers (OIDs) that indicate the applications that use the key. An object indicating the applications that use the key. Represents an X509 extension. Initializes a new instance of the class. Initializes a new instance of the class. The encoded data to be used to create the extension. true if the extension is critical; otherwise false. Initializes a new instance of the class. The object identifier used to identify the extension. The encoded data used to create the extension. true if the extension is critical; otherwise false. is null. is an empty string (""). Initializes a new instance of the class. A string representing the object identifier. The encoded data used to create the extension. true if the extension is critical; otherwise false. Copies the extension properties of the specified object. The to be copied. is null. does not have a valid X.509 extension. Gets a Boolean value indicating whether the extension is critical. true if the extension is critical; otherwise, false. Represents a collection of objects. This class cannot be inherited. Initializes a new instance of the class. Adds an object to an object. The index at which the parameter was added. An object to add to the object. The value of the parameter is null. Copies a collection into an array starting at the specified index. An array of objects. 
The location in the array at which copying starts. is a zero-length string or contains an invalid value. is null. specifies a value that is not in the range of the array. Gets the number of objects in a object. An integer representing the number of objects in the object. Returns an enumerator that can iterate through an object. An object to use to iterate through the object. Gets a value indicating whether the collection is guaranteed to be thread safe. true if the collection is thread safe; otherwise, false. Gets the object at the specified index. An object. The location of the object to retrieve. is less than zero. is equal to or greater than the length of the array. Gets the first object whose value or friendly name is specified by an object identifier (OID). An object. The object identifier (OID) of the extension to retrieve. Gets an object that you can use to synchronize access to the object. An object that you can use to synchronize access to the object. Copies the collection into an array starting at the specified index. An array of objects. The location in the array at which copying starts. is a zero-length string or contains an invalid value. is null. specifies a value that is not in the range of the array. Returns an enumerator that can iterate through an object. An object to use to iterate through the object. Supports a simple iteration over a . This class cannot be inherited. Gets the current element in the . The current element in the . The enumerator is positioned before the first element of the collection or after the last element. Advances the enumerator to the next element in the . true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. The collection was modified after the enumerator was created. Sets the enumerator to its initial position, which is before the first element in the . The collection was modified after the enumerator was created. 
Gets an object from a collection. The current element in the . The enumerator is positioned before the first element of the collection or after the last element. Specifies the type of value the method searches for. The parameter for the method must be a string representing either the application policy friendly name or the object identifier (OID, or ) of the certificate. For example, "Encrypting File System" or "1.3.6.1.4.1.311.10.3.4" can be used. For an application that will be localized, the OID value must be used, because the friendly name is localized. The parameter for the method must be a string representing either the friendly name or the object identifier (OID, or ) of the certificate policy. The best practice is to use the OID, such as "1.3.6.1.4.1.311.10.3.4". For an application that will be localized, the OID must be used, because the friendly name is localized. The parameter for the method must be a string describing the extension to find. The object identifier (OID) is most commonly used to direct the method to search for all certificates that have an extension matching that OID value. The parameter for the method must be a string representing the issuer distinguished name of the certificate. This is a more specific search than that provided by the enumeration value. Using the value, the method performs a case-insensitive string comparison for the entire distinguished name. Searching by issuer name is a less precise search. The parameter for the method must be a string representing the issuer name of the certificate. This is a less specific search than that provided by the enumeration value. Using the value, the method performs a case-insensitive string comparison using the supplied value. For example, if you pass "MyCA" to the method, it will find all certificates with the issuer name containing that string, regardless of other issuer values. 
The parameter for the method must be either a string representing the key usage or an integer representing a bit mask containing all the requested key usages. For the string value, only one key usage at a time can be specified, but the method can be used in a cascading sequence to get the intersection of the requested usages. For example, the parameter can be set to "KeyEncipherment" or an integer (0x30 indicates "KeyEncipherment" and "DataEncipherment"). Values of the enumeration can also be used. The parameter for the method must be a string that represents the serial number of the certificate as displayed by the certificate dialog box, but without the spaces, or as returned by the method. The parameter for the method must be a string representing the subject distinguished name of the certificate. This is a more specific search than that provided by the enumeration value. Using the value, the method performs a case-insensitive string comparison for the entire distinguished name. Searching by subject name is a less precise search. The parameter for the method must be a string representing the subject key identifier in hexadecimal, such as "F3E815D45E83B8477B9284113C64EF208E897112", as displayed in the UI. The parameter for the method must be a string representing the subject name of the certificate. This is a less specific search than that provided by the enumeration value. Using the value, the method performs a case-insensitive string comparison using the supplied value. For example, if you pass "MyCert" to the method, it will find all certificates with the subject name containing that string, regardless of other subject values. Searching by distinguished name is a more precise search. The parameter for the method must be a string representing the template name of the certificate, such as "ClientAuth". A template name is an X509 version 3 extension that specifies the uses of the certificate. 
The parameter for the method must be a string representing the thumbprint of the certificate. The parameter for the method must be a value in local time. For example, you can find all the certificates that will be valid until the end of the year by eliminating the results of a operation for of the last day of the year from the results of a operation for . The parameter for the method must be a value in local time. The value does not have to be in the future. For example, you can use to find certificates that became valid in the current year by taking the intersection of the results of a operation for for the last day of last year with the results of a operation for of . The parameter for the method must be a value in local time. You can use to find all the currently valid certificates. Defines where and how to import the private key of an X.509 certificate. The default key set is used. The user key set is usually the default. Imported keys are marked as exportable. Private keys are stored in the local computer store rather than the current user store. The key associated with a PFX file is persisted when importing a certificate. Private keys are stored in the current user store rather than the local computer store. This occurs even if the certificate specifies that the keys should go in the local computer store. Notify the user through a dialog box or other method that the key is accessed. The Cryptographic Service Provider (CSP) in use defines the precise behavior. Defines the usage of a key contained within an X.509 certificate. This class cannot be inherited. Initializes a new instance of the class. Initializes a new instance of the class using an object and a value that identifies whether the extension is critical. The encoded data to use to create the extension. true if the extension is critical; otherwise, false. Initializes a new instance of the class using the specified value and a value that identifies whether the extension is critical. 
One of the values that describes how to use the key. true if the extension is critical; otherwise, false. Initializes a new instance of the class using an object. The encoded data to use to create the extension. Gets the key usage flag associated with the certificate. One of the values. The extension cannot be decoded. Defines how the certificate key can be used. If this value is not defined, the key can be used for any purpose. The key can be used to sign a certificate revocation list (CRL). The key can be used for data encryption. The key can be used for decryption only. The key can be used as a digital signature. The key can be used for encryption only. The key can be used to determine key agreement, such as a key created using the Diffie-Hellman key agreement algorithm. The key can be used to sign certificates. The key can be used for key encryption. No key usage parameters. The key can be used for authentication. Specifies the type of name the X509 certificate contains. The DNS name associated with the alternative name of either the subject or the issuer of an X.509 certificate. This value is equivalent to the value. The DNS name associated with the alternative name of either the subject or issuer of an X509 certificate. The email address associated with the subject or issuer of an X509 certificate. The simple name of a subject or issuer of an X509 certificate. The UPN name of the subject or issuer of an X509 certificate. The URL address associated with the alternative name of either the subject or issuer of an X509 certificate. Specifies which X509 certificates in the chain should be checked for revocation. Only the end certificate is checked for revocation. The entire chain of certificates is checked for revocation. The entire chain, except the root certificate, is checked for revocation. Specifies the mode used to check for X509 certificate revocation. No revocation check is performed on the certificate.
A revocation check is made using a cached certificate revocation list (CRL). A revocation check is made using an online certificate revocation list (CRL). Represents an X.509 store, which is a physical store where certificates are persisted and managed. This class cannot be inherited. Initializes a new instance of the class using the personal certificates of the current user store. Initializes a new instance of the class using the specified and values. One of the enumeration values that specifies the name of the X.509 certificate store. One of the enumeration values that specifies the location of the X.509 certificate store. is not a valid location or is not a valid name. Initializes a new instance of the class using a string that represents a value from the enumeration and a value from the enumeration. A string that represents a value from the enumeration. One of the enumeration values that specifies the location of the X.509 certificate store. contains invalid values. Adds a certificate to an X.509 certificate store. The certificate to add. is null. The certificate could not be added to the store. Returns a collection of certificates located in an X.509 certificate store. A collection of certificates. Releases the resources used by this . Gets the location of the X.509 certificate store. The location of the certificate store. Gets the name of the X.509 certificate store. The name of the certificate store. Opens an X.509 certificate store or creates a new store, depending on flag settings. A bitwise combination of enumeration values that specifies the way to open the X.509 certificate store. The store is unreadable. The caller does not have the required permission. The store contains invalid values. Removes a certificate from an X.509 certificate store. The certificate to remove. is null. The caller does not have the required permission. Defines a string that identifies a certificate's subject key identifier (SKI). This class cannot be inherited. 
Initializes a new instance of the class. Initializes a new instance of the class using a byte array and a value that identifies whether the extension is critical. A byte array that represents data to use to create the extension. true if the extension is critical; otherwise, false. Initializes a new instance of the class using encoded data and a value that identifies whether the extension is critical. The object to use to create the extension. true if the extension is critical; otherwise, false. Initializes a new instance of the class using a public key and a value indicating whether the extension is critical. A object to create a subject key identifier (SKI) from. true if the extension is critical; otherwise, false. Initializes a new instance of the class using a public key, a hash algorithm identifier, and a value indicating whether the extension is critical. A object to create a subject key identifier (SKI) from. One of the values that identifies which hash algorithm to use. true if the extension is critical; otherwise, false. Initializes a new instance of the class using a string and a value that identifies whether the extension is critical. A string, encoded in hexadecimal format, that represents the subject key identifier (SKI) for a certificate. true if the extension is critical; otherwise, false. Creates a new instance of the class by copying information from encoded data. The object to use to create the extension. Gets a string that represents the subject key identifier (SKI) for a certificate. A string, encoded in hexadecimal format, that represents the subject key identifier (SKI). The extension cannot be decoded. Defines the type of hash algorithm to use with the class. The subject key identifier (SKI) is composed of a 160-bit SHA-1 hash of the encoded public key (including the tag, length, and number of unused bits). The SKI is composed of the 160-bit SHA-1 hash of the value of the public key (excluding the tag, length, and number of unused bits). 
The SKI is composed of a four-bit type field with the value 0100, followed by the least significant 60 bits of the SHA-1 hash of the value of the public key (excluding the tag, length, and number of unused bit string bits). Specifies conditions under which verification of certificates in the X509 chain should be conducted. All flags pertaining to verification are included. Ignore that the chain cannot be verified due to an unknown certificate authority (CA). Ignore that the certificate authority revocation is unknown when determining certificate verification. Ignore that the certificate trust list (CTL) is not valid, for reasons such as the CTL has expired, when determining certificate verification. Ignore that the certificate trust list (CTL) signer revocation is unknown when determining certificate verification. Ignore that the end certificate (the user certificate) revocation is unknown when determining certificate verification. Ignore that the basic constraints are not valid when determining certificate verification. Ignore that the certificate has an invalid name when determining certificate verification. Ignore that the certificate has invalid policy when determining certificate verification. Ignore that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested when verifying the certificate. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested. Ignore certificates in the chain that are not valid either because they have expired or they are not yet in effect when determining certificate validity. Ignore that the root revocation is unknown when determining certificate verification. Ignore that the certificate was not issued for the current use when determining certificate verification. No flags pertaining to verification are included.
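The store lookup, chain policy, revocation settings, verification flags and chain status values described above fit together as in the following C# program. It is an added example, not part of the original reference. The names ChainCheck and ValidateByThumbprint are hypothetical, and the choice of the current user's personal store and the 15-second timeout are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck
{
    // Hypothetical helper: looks up one certificate by thumbprint in the current
    // user's personal store (assumed location) and validates its chain strictly.
    public static bool ValidateByThumbprint(string thumbprint)
    {
        X509Certificate2 cert;
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            // ReadOnly + OpenExistingOnly: a lookup never needs write access and
            // must not create a store that does not exist yet.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // FindByThumbprint matches the certificate hash; FindBySubjectName would
            // match any certificate whose subject merely contains the string.
            // validOnly is false so an invalid certificate is still returned and
            // the reason can be reported from the chain status below.
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (hits.Count != 1)
            {
                Console.WriteLine("Expected exactly one match, found " + hits.Count);
                return false;
            }
            cert = hits[0];
        }

        var chain = new X509Chain();
        // Check revocation online for every certificate except the root.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        // NoFlag: nothing is ignored, so an unknown or offline revocation status,
        // an expired certificate or an untrusted root all fail the build.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);

        bool ok = chain.Build(cert);

        // Report per-element status so a rejection can be traced to the
        // certificate and the X509ChainStatusFlags value that caused it.
        foreach (X509ChainElement element in chain.ChainElements)
        {
            foreach (X509ChainStatus status in element.ChainElementStatus)
            {
                Console.WriteLine("{0}: {1} ({2})", element.Certificate.Subject,
                    status.Status, status.StatusInformation.Trim());
            }
        }
        return ok;
    }

    static void Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.WriteLine("usage: ChainCheck <thumbprint>");
            return;
        }
        Console.WriteLine(ValidateByThumbprint(args[0]) ? "chain valid" : "chain rejected");
    }
}
```

Each "Ignore ..." verification flag set in place of NoFlag removes one of these failure conditions from the result of Build, so any flag that is set should correspond to a status value the caller has decided to accept.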