HOWTO: Validating X.509 certificates on Xamarin.Android and Xamarin.iOS

As of January 2020, standard .NET API for X.509 certificate validation (X509Chain.Build method) still does not appear to be working properly on Xamarin platforms. To make it possible for our users to easily validate certificates on these platforms, we introduced a set of Rebex.Common.Native.dll assemblies that use APIs of Xamarin.Android's Java interop and Xamarin.iOS' Security namespace to provide an X.509 certificate validator suitable for these two Xamarin platforms.

Usage instructions

Rebex.Common.Native.dll assemblies can be found in "bin/xamarin.android" and "bin/xamarin.ios" subfolders of Rebex libraries install folder. Alternatively, they are distributed as a NuGet package, which also provides a compatible API for other mainstream platforms.

To enable a certificate validator suitable for Xamarin.Android and/or Xamarin.iOS, add a reference to Rebex.Common.Native assembly (or the NuGet package) to your project, and use the NativeCertificateEngine class as your certificate engine:

using Rebex.Security.Certificates;
...

CertificateEngine.SetCurrentEngine(new NativeCertificateEngine());

Once this is done, Rebex libraries will use NativeCertificateEngine for certificate validation and chain building.

Limitations

NativeCertificateEngine does not currently support ValidationOptions.