More .NET libraries
-
Rebex Mail Pack
IMAP, MS Graph, EWS, POP3, SMTP, MIME, S/MIME, MSG
-
Rebex Total Pack
All Rebex .NET libraries together
Back to feature list...
X.509 certificates
On this page:
Certificates are used in TLS/SSL to validate a server in order to make sure you are connecting to the right one. Certificates can be used for client authentication as well. For more information, read our Introduction to Public Key Certificates.
Rebex IMAP has its own Certificate
class for working with X.509 v3 certificates. It provides the following operations:
Loading certificates
A certificate can be loaded from:
- PKCS #12 (.p7b) and PFX (.pfx) files. These usually contain a private key.
- DER files (.der/.cer), either binary or Base64-encoded. Private key can be loaded from an external key file.
// load a certificate with private key from a PFX file var cert1 = Certificate.LoadPfx(pfxPath, pfxPassword); // load a certificate without a private key from a DER file var cert2 = Certificate.LoadDer(derPath); // load a certificate from a DER file and a private key from a key file var cert3 = Certificate.LoadDerWithKey(derPath, keyPath, keyPassword);
' load a certificate with private key from a PFX file Dim cert1 = Certificate.LoadPfx(pfxPath, pfxPassword) ' load a certificate without a private key from a DER file Dim cert2 = Certificate.LoadDer(derPath) ' load a certificate from a DER file and a private key from a key file Dim cert3 = Certificate.LoadDerWithKey(derPath, keyPath, keyPassword)
Saving certificates
A certificate can be saved either to a PKCS #12 or PFX file or to a DER file.
A certificate's private key (if exportable) can be saved either as a part of PFX file or separately using PKCS #8, PuTTY or OpenSSH format.
// save a certificate with private key to a PFX file cert.Save(@"c:\MyData\cert.pfx", CertificateFormat.Pfx, "password"); // save a certificate to a DER file cert.Save(@"c:\MyData\cert.der", CertificateFormat.Der); // save certificate's private key to a base-64 encoded PKCS #8 file cert.SavePrivateKey(@"c:\MyData\cert.key", "password", PrivateKeyFormat.OpenSsh, true);
' save a certificate with private key to a PFX file cert.Save("c:\MyData\cert.pfx", CertificateFormat.Pfx, "password") ' save a certificate to a DER file cert.Save("c:\MyData\cert.der", CertificateFormat.Der) ' save certificate's private key to a base-64 encoded PKCS #8 file cert.SavePrivateKey("c:\MyData\cert.key", "password", PrivateKeyFormat.Base64Pkcs8, True)
Validating certificates
To check whether a certificate is valid and trusted by Windows certificate infrastructure,
use Certificate.Validate
method.
Legacy Windows CE platforms don't natively support certificates signed using algorithms based on SHA-2 hashes. As a workaround for this major OS limitation, we introduced a built-in certificate validator in the 2016 R3 release.
// validate a certificate var res1 = cert.Validate(); if (!res1.Valid) Console.Write("Validation failed: {0} (error {1}).", res1.Status, res1.NativeErrorCode); // validate a server certificate for 'serverName', // skip revocation check and don't care if it's expired or not valid yet var res2 = cert.Validate(serverName, ValidationOptions.SkipRevocationCheck | ValidationOptions.IgnoreTimeNotValid); if (!res2.Valid) Console.Write("Validation failed: {0} (error {1}).", res2.Status, res2.NativeErrorCode);
' validate a certificate Dim res1 = cert.Validate() If Not res1.Valid Then Console.Write("Validation failed: {0} (error {1}).", res1.Status, res1.NativeErrorCode) End If ' validate a server certificate for 'serverName', ' skip revocation check and don't care if it's expired or not valid yet Dim res2 = cert.Validate(serverName, _ ValidationOptions.SkipRevocationCheck Or _ ValidationOptions.IgnoreTimeNotValid) If Not res2.Valid Then Console.Write("Validation failed: {0} (error {1}).", res2.Status, res2.NativeErrorCode) End If
Windows certificate store management
Microsoft Windows provides a system-wide storage for X.509 certificates and private keys. The storage is used by applications such as Internet Explorer, Google Chrome, Microsoft Outlook or Windows Live Mail.
Windows certificate store can be managed using CertificateStore
class:
Manage personal certificate store
// load a certificate from file var cert = Certificate.LoadPfx(certPath, certPassword, KeySetOptions.Exportable); // add the certificate to the "Personal Certificates" store var store = new CertificateStore(CertificateStoreName.My); store.Add(cert); // find all not-expired certificates from issuer named "TestCA" var dn = new DistinguishedName("CN=TestCA, O=Rebex, C=CZ"); var found = store.FindCertificates(dn, CertificateFindOptions.IsTimeValid); Console.WriteLine("{0} certificates found.", found.Length); // remove the certificate from store store.Remove(cert);
' load a certificate from file Dim cert = Certificate.LoadPfx(certPath, certPassword, KeySetOptions.Exportable) ' add the certificate to the "Personal Certificates" store Dim store = New CertificateStore(CertificateStoreName.My) store.Add(cert) ' find all not-expired certificates from issuer named "TestCA" Dim dn = New DistinguishedName("CN=TestCA, O=Rebex, C=CZ") Dim found = store.FindCertificates(dn, CertificateFindOptions.IsTimeValid) Console.WriteLine("{0} certificates found.", found.Length) ' remove the certificate from store store.Remove(cert)
Add a certificate to trusted root certification authorities store
// load a certificate from file var cert = Certificate.LoadDer(certPath); // add the certificate to the "Trusted Root Certificates" store var store = new CertificateStore(CertificateStoreName.Root); store.Add(cert);
' load a certificate from file Dim cert = Certificate.LoadDer(certPath) ' add the certificate to the "Trusted Root Certificates" store Dim store = New CertificateStore(CertificateStoreName.Root) store.Add(cert)
Back to feature list...