System.Security.Cryptography.X509Certificates.X509VerificationFlags Enumeration

Specifies conditions under which verification of certificates in the X509 chain should be conducted.

Syntax

[System.Flags]
public enum X509VerificationFlags

Remarks

These flags indicate the conditions under which chain verification should occur. For example, if an application does not require certificates time values in a chain to be valid, the X509VerificationFlags.IgnoreNotTimeValid flag can be used.

Members

Member NameDescription
AllFlags

All flags pertaining to verification are included.

AllowUnknownCertificateAuthority

Ignore that the chain cannot be verified due to an unknown certificate authority (CA).

IgnoreCertificateAuthorityRevocationUnknown

Ignore that the certificate authority revocation is unknown when determining certificate verification.

IgnoreCtlNotTimeValid

Ignore that the certificate trust list (CTL) is not valid, for reasons such as the CTL has expired, when determining certificate verification.

IgnoreCtlSignerRevocationUnknown

Ignore that the certificate trust list (CTL) signer revocation is unknown when determining certificate verification.

IgnoreEndRevocationUnknown

Ignore that the end certificate (the user certificate) revocation is unknown when determining certificate verification.

IgnoreInvalidBasicConstraints

Ignore that the basic constraints are not valid when determining certificate verification.

IgnoreInvalidName

Ignore that the certificate has an invalid name when determining certificate verification.

IgnoreInvalidPolicy

Ignore that the certificate has invalid policy when determining certificate verification.

IgnoreNotTimeNested

Ignore that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested when verifying the certificate. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested.

IgnoreNotTimeValid

Ignore certificates in the chain that are not valid either because they have expired or they are not yet in effect when determining certificate validity.

IgnoreRootRevocationUnknown

Ignore that the root revocation is unknown when determining certificate verification.

IgnoreWrongUsage

Ignore that the certificate was not issued for the current use when determining certificate verification.

NoFlag

No flags pertaining to verification are included.

Requirements

Namespace: System.Security.Cryptography.X509Certificates
Assembly: System (in System.dll)
Assembly Versions: 2.0.0.0, 4.0.0.0
Since: .NET 2.0