Consider the following sample code: You’ll recognise the part of this code where we open the certificate store and load the self-signed derived certificate.
Note that the Find method will return a collection of X509 certificates but there’s no way to extract just a single element from a X509Certificate2Collection object.
Now remove the certificate from the trusted CA folder.
Then go back to the Personal folder and double-click the IIS certificate. w=410" src="https://dotnetcodr.files.wordpress.com/2015/05/iis-certificate-not-trusted-after-removing-from-global-ca-store.png? w=630" alt="IIS certificate not trusted after removing from global CA store" class="alignnone size-full wp-image-5985" srcset="https://dotnetcodr.files.wordpress.com/2015/05/410w, https://dotnetcodr.files.wordpress.com/2015/05/iis-certificate-not-trusted-after-removing-from-global-ca-store.png?
Certificate validation in C# The two most important objects in .
NET that will help you validate a certificate are X509Chain and X509Chain Policy.
It checks certificate paths, CRL and OCSP revocation (and checks validity of CRLs and OCSP responses as well).
It is flexible and powerful enough and lets you perform additional, deeper checks on each step.
The Revokation Mode enumeration will define whether or not we want to check the revocation list for this certificate: check it on-line, off-line or not at all.Double-click on the following icon: Certificates button in IIS " data-medium-file="https://dotnetcodr.files.wordpress.com/2015/05/certificates-button-in-iis.png? w=300" data-large-file="https://dotnetcodr.files.wordpress.com/2015/05/certificates-button-in-iis.png? w=630&h=262 630w, https://dotnetcodr.files.wordpress.com/2015/05/certificates-button-in-iis.png? w=150&h=62 150w, https://dotnetcodr.files.wordpress.com/2015/05/certificates-button-in-iis.png? w=300&h=125 300w, https://dotnetcodr.files.wordpress.com/2015/05/certificates-button-in-iis.png? w=768&h=319 768w, https://dotnetcodr.files.wordpress.com/2015/05/928w" sizes="(max-width: 630px) 100vw, 630px" / Then click on the following link in the right-hand panel: Create self signed certificate link in IIS " data-medium-file="https://dotnetcodr.files.wordpress.com/2015/05/create-self-signed-certificate-link-in-iis.png? w=242" data-large-file="https://dotnetcodr.files.wordpress.com/2015/05/create-self-signed-certificate-link-in-iis.png? w=150 150w" sizes="(max-width: 242px) 100vw, 242px" / Provide some friendly name for the certificate and click OK.The certificate should appear in the Personal folder in the Certificates snap-in after a refresh. w=630" src="https://dotnetcodr.files.wordpress.com/2015/05/certificate-created-in-iis-visible-in-mmc-snap-in.png? w=630&h=43" alt="Certificate created in IIS visible in MMC snap in" width="630" height="43" class="alignnone size-full wp-image-5983" srcset="https://dotnetcodr.files.wordpress.com/2015/05/certificate-created-in-iis-visible-in-mmc-snap-in.png?The Verification Flags enumeration will let you switch off parts of the chain, e.g.: Normally you’d want to verify all properties so you’ll leave Verification Flags untouched.We then want to build the chain by calling the Build method with the certificate.