Explain to me about C# and X509 certificates.
-
To many of you who have been dealing with the ins and outs of certificates for some time, you will probably consider this a rather mundane question. Initially I didn't think it to be a complex issue either, but recent events, or the people I've had to deal with, made it very frustrating to say the least. When I wish to load a certificate in my application that needs to be used for secure communications, I call the following function: certStore.Certificates.Find(X509FindType.FindByThumbprint, _thumbprint, true); Can someone please explain the flow of what happens when the last parameter is set to true and when it is set to false? Why would it work when set to false and not when it is set to true? It has something to do with CA certificates, but what exactly? When true, does it actually go off to an external server for the validation, or does it all happen locally? The reason I ask is because I've been getting conflicting information and I'd like a better understanding. Hoping someone can assist me.
Happy programming!!
-
Well, if it's 'true', the certificate needs to be a valid certificate - if it's false, the certificate must match the thumbprint, but need not be valid ... .. so, the interesting question is, what constitutes a valid certificate? I can think of two possibilities off hand, a) one that has not expired, b) one that has not been revoked - sorry I don't have enough cycles spare right now to look it up - those are just the obvious ones btw .. http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2collection.find.aspx
Wolfram Steinke wrote:
When true does it actually go off to an external server for the validation or does it all happen locally?
I'm pretty sure it's up to {whomever} maintains the certificates on a machine to download and apply CRLs/revoke certificates manually - so I'm pretty sure that the system doesn't go off to a remote machine - some PGP frameworks could be set up like this iirc
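To see the difference between the two validOnly settings concretely, here is an added example (not code from the thread or from the .NET documentation) that runs the Find call both ways and then rebuilds the trust chain with X509Chain so that the actual rejection reason (expiry, untrusted root, missing intermediate) is visible. It assumes a certificate with the placeholder thumbprint is installed in the CurrentUser\My store; whether Find's own validity check includes revocation is not stated on this page, so the chain check below sets the revocation mode explicitly and keeps it offline.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example, not the poster's code. Thumbprint is a placeholder;
// replace it with the SHA-1 thumbprint of a certificate in CurrentUser\My.
static class CertLookup
{
    const string Thumbprint = "0000000000000000000000000000000000000000"; // placeholder

    static void Main()
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);

        // validOnly = false: match on thumbprint alone, no trust evaluation at all.
        var any = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, validOnly: false);

        // validOnly = true: the match must additionally pass a chain/trust check,
        // so an expired certificate or one issued by a CA that is not in the
        // trusted root store is silently dropped from the result.
        var valid = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, validOnly: true);

        Console.WriteLine($"matched by thumbprint: {any.Count}, of which valid: {valid.Count}");

        if (any.Count == 1 && valid.Count == 0)
            Explain(any[0]); // show why the validOnly search rejected it
    }

    static void Explain(X509Certificate2 cert)
    {
        using var chain = new X509Chain();
        // Chain building itself is local: roots and intermediates come from the
        // machine's certificate stores. Revocation checking is the one step that
        // can contact a CRL/OCSP endpoint; NoCheck keeps this diagnostic offline,
        // X509RevocationMode.Online would add the network lookup.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationTime = DateTime.Now;

        bool ok = chain.Build(cert);
        Console.WriteLine($"chain builds: {ok}");
        // Typical statuses: NotTimeValid (expired / not yet valid), UntrustedRoot
        // (issuing CA not trusted on this machine), PartialChain (intermediate missing).
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine($"  {status.Status}: {status.StatusInformation.Trim()}");
    }
}
```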