I have this code:
    X509Chain x509Chain = new X509Chain();
    // Make certificate1 available as a candidate issuer while the chain is built.
    x509Chain.ChainPolicy.ExtraStore.Add(certificate1);
    x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    x509Chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
    x509Chain.Build(certificate2);
    foreach (X509ChainElement x509ChainElement in x509Chain.ChainElements)
    {
        Log("Name: " + x509ChainElement.Certificate.GetNameInfo(X509NameType.SimpleName, false));
        foreach (X509ChainStatus x509ChainStatus in x509ChainElement.ChainElementStatus)
            Log("status: " + x509ChainStatus.StatusInformation);
        // Reject any element that reports a status, unless that element is certificate1.
        if (x509ChainElement.ChainElementStatus.Length != 0 && (x509ChainElement.Certificate.Thumbprint != certificate1.Thumbprint)) // || x509ChainElement.ChainElementStatus[0].Status != X509ChainStatusFlags.UntrustedRoot))
            return false;
    }
I can't manage to get it to install the certificate if it is self-signed (or at least I think it doesn't get installed). On the status log message I get this:
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
How can I ignore that check?
Set up the policy flags to include AllowUnknownCertificateAuthority.
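An added example, not code from the original question or answer: the flag set on the chain policy, followed by a check that the chain actually ends in the one root you intend to trust, since AllowUnknownCertificateAuthority on its own accepts any untrusted root. It assumes .NET Core 2.0+ or .NET Framework 4.7.2+ (for CertificateRequest); ChainsToPinnedRoot, NewRoot and the constructed-* certificates are hypothetical names and throwaway test data.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootCheck
{
    // Hypothetical helper: true only if 'leaf' builds a chain that ends in 'pinnedRoot'.
    static bool ChainsToPinnedRoot(X509Certificate2 leaf, X509Certificate2 pinnedRoot)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(pinnedRoot);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Ignore only the "unknown CA" errors; other failures such as an
            // expired certificate still make Build() return false.
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(leaf))
                return false;
            // The flag accepts any untrusted root, so compare the chain's last
            // element with the one root we actually intend to trust.
            var top = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return top.RawData.SequenceEqual(pinnedRoot.RawData);
        }
    }

    // Constructed test data: a throwaway self-signed CA.
    static X509Certificate2 NewRoot(string cn)
    {
        var req = new CertificateRequest("CN=" + cn, RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    static void Main()
    {
        X509Certificate2 rootA = NewRoot("constructed-root-a"), rootB = NewRoot("constructed-root-b");
        var leafReq = new CertificateRequest("CN=constructed-leaf", RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        X509Certificate2 leaf = leafReq.Create(rootA, DateTimeOffset.UtcNow,
            DateTimeOffset.UtcNow.AddDays(7), new byte[] { 1, 2, 3, 4 });

        Console.WriteLine("leaf vs issuing root:   " + ChainsToPinnedRoot(leaf, rootA));
        Console.WriteLine("leaf vs unrelated root: " + ChainsToPinnedRoot(leaf, rootB));
    }
}
```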