使用自签名证书

时间:2014-02-25 11:53:37

标签: c# x509certificate x509certificate2

我有这段代码:

X509Chain x509Chain = new X509Chain();
x509Chain.ChainPolicy.ExtraStore.Add(certificate1);
x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
x509Chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
x509Chain.Build(certificate2);

foreach (X509ChainElement x509ChainElement in x509Chain.ChainElements)
{
    Log("Name: " + x509ChainElement.Certificate.GetNameInfo(X509NameType.SimpleName, false));
    foreach (X509ChainStatus x509ChainStatus in x509ChainElement.ChainElementStatus)
        Log("status: " + x509ChainStatus.StatusInformation);
    if (x509ChainElement.ChainElementStatus.Length != 0 && (x509ChainElement.Certificate.Thumbprint != certificate1.Thumbprint))// || x509ChainElement.ChainElementStatus[0].Status != X509ChainStatusFlags.UntrustedRoot))
                    return false;
}

如果证书是自签名的(或者至少我认为它没有安装),我无法设法安装证书。在状态日志消息中,我得到了:

  

已处理证书链,但已在根证书中终止   信任提供者不信任

如何忽略该检查?

1 个答案:

答案 0 :(得分:-1)

设置政策flags以包含AllowUnknownCertificateAuthority