КриптоПро .NET

    Class CpX509Certificate2

    Inheritance
    object
    CpX509Certificate
    CpX509Certificate2
    Implements
    IDisposable
    IDeserializationCallback
    ISerializable
    Inherited Members
    CpX509Certificate.CreateFromCertFile(string)
    CpX509Certificate.CreateFromSignedFile(string)
    CpX509Certificate.Handle
    CpX509Certificate.Issuer
    CpX509Certificate.Subject
    CpX509Certificate.Dispose()
    CpX509Certificate.Dispose(bool)
    CpX509Certificate.Equals(object)
    CpX509Certificate.Equals(CpX509Certificate)
    CpX509Certificate.Export(X509ContentType)
    CpX509Certificate.Export(X509ContentType, string)
    CpX509Certificate.Export(X509ContentType, SecureString)
    CpX509Certificate.GetRawCertDataString()
    CpX509Certificate.GetCertHash()
    CpX509Certificate.GetCertHash(CpHashAlgorithmName)
    CpX509Certificate.TryGetCertHash(CpHashAlgorithmName, Span<byte>, out int)
    CpX509Certificate.GetCertHashString()
    CpX509Certificate.GetCertHashString(CpHashAlgorithmName)
    CpX509Certificate.GetEffectiveDateString()
    CpX509Certificate.GetExpirationDateString()
    CpX509Certificate.GetFormat()
    CpX509Certificate.GetPublicKeyString()
    CpX509Certificate.GetRawCertData()
    CpX509Certificate.GetHashCode()
    CpX509Certificate.GetKeyAlgorithm()
    CpX509Certificate.GetKeyAlgorithmParameters()
    CpX509Certificate.GetKeyAlgorithmParametersString()
    CpX509Certificate.GetPublicKey()
    CpX509Certificate.GetSerialNumber()
    CpX509Certificate.SerialNumberBytes
    CpX509Certificate.GetSerialNumberString()
    CpX509Certificate.GetName()
    CpX509Certificate.GetIssuerName()
    CpX509Certificate.FormatDate(DateTime)
    object.Equals(object, object)
    object.GetType()
    object.MemberwiseClone()
    object.ReferenceEquals(object, object)
    Namespace: CryptoPro.Security.Cryptography.X509Certificates
    Assembly: CryptoPro.Security.Cryptography.dll
    Syntax
    public class CpX509Certificate2 : CpX509Certificate, IDisposable, IDeserializationCallback, ISerializable

    Constructors

    CpX509Certificate2()

    Declaration
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public CpX509Certificate2()

    CpX509Certificate2(CpX509Certificate)

    Declaration
    public CpX509Certificate2(CpX509Certificate certificate)
    Parameters
    Type Name Description
    CpX509Certificate certificate

    CpX509Certificate2(byte[])

    Declaration
    public CpX509Certificate2(byte[] rawData)
    Parameters
    Type Name Description
    byte[] rawData

    CpX509Certificate2(byte[], SecureString?)

    Declaration
    [CLSCompliant(false)]
    public CpX509Certificate2(byte[] rawData, SecureString? password)
    Parameters
    Type Name Description
    byte[] rawData
    SecureString password

    CpX509Certificate2(byte[], SecureString?, X509KeyStorageFlags)

    Declaration
    [CLSCompliant(false)]
    public CpX509Certificate2(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    byte[] rawData
    SecureString password
    X509KeyStorageFlags keyStorageFlags

    CpX509Certificate2(byte[], string?)

    Declaration
    public CpX509Certificate2(byte[] rawData, string? password)
    Parameters
    Type Name Description
    byte[] rawData
    string password

    CpX509Certificate2(byte[], string?, X509KeyStorageFlags)

    Declaration
    public CpX509Certificate2(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    byte[] rawData
    string password
    X509KeyStorageFlags keyStorageFlags

    CpX509Certificate2(nint)

    Declaration
    public CpX509Certificate2(nint handle)
    Parameters
    Type Name Description
    nint handle

    CpX509Certificate2(ReadOnlySpan<byte>)

    Initializes a new instance of the X509Certificate2 class from certificate data.

    Declaration
    public CpX509Certificate2(ReadOnlySpan<byte> rawData)
    Parameters
    Type Name Description
    ReadOnlySpan<byte> rawData

    The certificate data to process.

    Exceptions
    Type Condition
    CryptographicException

    An error with the certificate occurs.

    CpX509Certificate2(ReadOnlySpan<byte>, ReadOnlySpan<char>, X509KeyStorageFlags)

    Initializes a new instance of the X509Certificate2 class from certificate data, a password, and key storage flags.

    Declaration
    public CpX509Certificate2(ReadOnlySpan<byte> rawData, ReadOnlySpan<char> password, X509KeyStorageFlags keyStorageFlags = X509KeyStorageFlags.DefaultKeySet)
    Parameters
    Type Name Description
    ReadOnlySpan<byte> rawData

    The certificate data to process.

    ReadOnlySpan<char> password

    The password required to access the certificate data.

    X509KeyStorageFlags keyStorageFlags

    A bitwise combination of the enumeration values that control where and how to import the certificate.

    Exceptions
    Type Condition
    CryptographicException

    An error with the certificate occurs.

    CpX509Certificate2(string)

    Declaration
    public CpX509Certificate2(string fileName)
    Parameters
    Type Name Description
    string fileName

    CpX509Certificate2(string, ReadOnlySpan<char>, X509KeyStorageFlags)

    Declaration
    public CpX509Certificate2(string fileName, ReadOnlySpan<char> password, X509KeyStorageFlags keyStorageFlags = X509KeyStorageFlags.DefaultKeySet)
    Parameters
    Type Name Description
    string fileName
    ReadOnlySpan<char> password
    X509KeyStorageFlags keyStorageFlags

    CpX509Certificate2(string, SecureString?)

    Declaration
    [CLSCompliant(false)]
    public CpX509Certificate2(string fileName, SecureString? password)
    Parameters
    Type Name Description
    string fileName
    SecureString password

    CpX509Certificate2(string, SecureString?, X509KeyStorageFlags)

    Declaration
    [CLSCompliant(false)]
    public CpX509Certificate2(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    string fileName
    SecureString password
    X509KeyStorageFlags keyStorageFlags

    CpX509Certificate2(string, string?)

    Declaration
    public CpX509Certificate2(string fileName, string? password)
    Parameters
    Type Name Description
    string fileName
    string password

    CpX509Certificate2(string, string?, X509KeyStorageFlags)

    Declaration
    public CpX509Certificate2(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    string fileName
    string password
    X509KeyStorageFlags keyStorageFlags

    Properties

    Archived

    Declaration
    public bool Archived { get; set; }
    Property Value
    Type Description
    bool

    Extensions

    Declaration
    public CpX509ExtensionCollection Extensions { get; }
    Property Value
    Type Description
    CpX509ExtensionCollection

    FriendlyName

    Declaration
    public string FriendlyName { get; set; }
    Property Value
    Type Description
    string

    HasPrivateKey

    Declaration
    public bool HasPrivateKey { get; }
    Property Value
    Type Description
    bool

    IssuerName

    Declaration
    public CpX500DistinguishedName IssuerName { get; }
    Property Value
    Type Description
    CpX500DistinguishedName

    NotAfter

    Declaration
    public DateTime NotAfter { get; }
    Property Value
    Type Description
    DateTime

    NotBefore

    Declaration
    public DateTime NotBefore { get; }
    Property Value
    Type Description
    DateTime

    PrivateKey

    Declaration
    [Obsolete("X509Certificate2.PrivateKey is obsolete. Use the appropriate method to get the private key, such as GetRSAPrivateKey, or use the CopyWithPrivateKey method to create a new instance with a private key.", DiagnosticId = "SYSLIB0028", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public AsymmetricAlgorithm? PrivateKey { get; set; }
    Property Value
    Type Description
    AsymmetricAlgorithm

    PrivateKeyCspParameters

    Declaration
    public CpCspParameters PrivateKeyCspParameters { get; }
    Property Value
    Type Description
    CpCspParameters

    PublicKey

    Declaration
    public CpPublicKey PublicKey { get; }
    Property Value
    Type Description
    CpPublicKey

    RawData

    Declaration
    public byte[] RawData { get; }
    Property Value
    Type Description
    byte[]

    RawDataMemory

    Gets the raw data of a certificate.

    Declaration
    public ReadOnlyMemory<byte> RawDataMemory { get; }
    Property Value
    Type Description
    ReadOnlyMemory<byte>
    Remarks

    Unlike RawData, this does not create a fresh copy of the data every time.

    SerialNumber

    Declaration
    public string SerialNumber { get; }
    Property Value
    Type Description
    string

    SignatureAlgorithm

    Declaration
    public Oid SignatureAlgorithm { get; }
    Property Value
    Type Description
    Oid

    SubjectName

    Declaration
    public CpX500DistinguishedName SubjectName { get; }
    Property Value
    Type Description
    CpX500DistinguishedName

    Thumbprint

    Declaration
    public string Thumbprint { get; }
    Property Value
    Type Description
    string

    Version

    Declaration
    public int Version { get; }
    Property Value
    Type Description
    int

    Methods

    CopyWithPrivateKey(ECDiffieHellman)

    Combines a private key with the public key of an ECDiffieHellman certificate to generate a new ECDiffieHellman certificate.

    Declaration
    public X509Certificate2 CopyWithPrivateKey(ECDiffieHellman privateKey)
    Parameters
    Type Name Description
    ECDiffieHellman privateKey

    The private ECDiffieHellman key.

    Returns
    Type Description
    X509Certificate2

    A new ECDiffieHellman certificate with the HasPrivateKey property set to true. The current certificate isn't modified.

    Exceptions
    Type Condition
    ArgumentNullException

    privateKey is null.

    InvalidOperationException

    The certificate already has an associated private key.

    ArgumentException

    The certificate doesn't have a public key.

    -or-

    The specified private key doesn't match the public key for this certificate.

    CreateFromEncryptedPem(ReadOnlySpan<char>, ReadOnlySpan<char>, ReadOnlySpan<char>)

    Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate and password protected private key.

    Declaration
    public static CpX509Certificate2 CreateFromEncryptedPem(ReadOnlySpan<char> certPem, ReadOnlySpan<char> keyPem, ReadOnlySpan<char> password)
    Parameters
    Type Name Description
    ReadOnlySpan<char> certPem

    The text of the PEM-encoded X509 certificate.

    ReadOnlySpan<char> keyPem

    The text of the password protected PEM-encoded private key.

    ReadOnlySpan<char> password

    The password for the encrypted PEM.

    Returns
    Type Description
    CpX509Certificate2

    A new certificate with the private key.

    Remarks

    Password protected PEM-encoded keys are always expected to have the PEM label "ENCRYPTED PRIVATE KEY".

    PEM-encoded items that have a different label are ignored.

    If the PEM-encoded certificate and private key are in the same text, use the same string for both certPem and keyPem, such as:

    CreateFromEncryptedPem(combinedCertAndKey, combinedCertAndKey, theKeyPassword);
    Combined PEM-encoded certificates and keys do not require a specific order. For the certificate, the first certificate with a CERTIFICATE label is loaded. For the private key, the first private key with the label "ENCRYPTED PRIVATE KEY" is loaded. More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

    For PEM-encoded keys without a password, use CreateFromPem(ReadOnlySpan<char>, ReadOnlySpan<char>).

    Exceptions
    Type Condition
    CryptographicException

    The contents of certPem do not contain a PEM-encoded certificate, or it is malformed.

    -or-

    The contents of keyPem do not contain a password protected PEM-encoded private key, or it is malformed.

    -or-

    The contents of keyPem contain a key that does not match the public key in the certificate.

    -or-

    The certificate uses an unknown public key algorithm.

    -or-

    The password specified for the private key is incorrect.

    CreateFromEncryptedPemFile(string, ReadOnlySpan<char>, string?)

    Creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and password protected private key.

    Declaration
    public static X509Certificate2 CreateFromEncryptedPemFile(string certPemFilePath, ReadOnlySpan<char> password, string? keyPemFilePath = null)
    Parameters
    Type Name Description
    string certPemFilePath

    The path for the PEM-encoded X509 certificate.

    ReadOnlySpan<char> password

    The password for the encrypted PEM.

    string keyPemFilePath

    If specified, the path for the password protected PEM-encoded private key. If unspecified, the certPemFilePath file will be used to load the private key.

    Returns
    Type Description
    X509Certificate2

    A new certificate with the private key.

    Remarks

    See ReadAllText(string) for additional documentation about exceptions that can be thrown.

    Password protected PEM-encoded keys are always expected to have the PEM label "ENCRYPTED PRIVATE KEY".

    PEM-encoded items that have a different label are ignored.

    Combined PEM-encoded certificates and keys do not require a specific order. For the certificate, the first certificate with a CERTIFICATE label is loaded. For the private key, the first private key with the label "ENCRYPTED PRIVATE KEY" is loaded. More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

    For PEM-encoded keys without a password, use CreateFromPemFile(string, string?).

    Exceptions
    Type Condition
    CryptographicException

    The contents of the file path in certPemFilePath do not contain a PEM-encoded certificate, or it is malformed.

    -or-

    The contents of the file path in keyPemFilePath do not contain a password protected PEM-encoded private key, or it is malformed.

    -or-

    The contents of the file path in keyPemFilePath contain a key that does not match the public key in the certificate.

    -or-

    The certificate uses an unknown public key algorithm.

    -or-

    The password specified for the private key is incorrect.

    ArgumentNullException

    certPemFilePath is null.

    CreateFromPem(ReadOnlySpan<char>)

    Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate.

    Declaration
    public static CpX509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem)
    Parameters
    Type Name Description
    ReadOnlySpan<char> certPem

    The text of the PEM-encoded X509 certificate.

    Returns
    Type Description
    CpX509Certificate2

    A new X509 certificate.

    Remarks

    This loads the first well-formed PEM found with a CERTIFICATE label.

    For PEM-encoded certificates with a private key, use CreateFromPem(ReadOnlySpan<char>, ReadOnlySpan<char>).

    For PEM-encoded certificates in a file, use X509Certificate2(string).

    Exceptions
    Type Condition
    CryptographicException

    The contents of certPem do not contain a PEM-encoded certificate, or it is malformed.

    CreateFromPem(ReadOnlySpan<char>, ReadOnlySpan<char>)

    Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate and private key.

    Declaration
    public static CpX509Certificate2 CreateFromPem(ReadOnlySpan<char> certPem, ReadOnlySpan<char> keyPem)
    Parameters
    Type Name Description
    ReadOnlySpan<char> certPem

    The text of the PEM-encoded X509 certificate.

    ReadOnlySpan<char> keyPem

    The text of the PEM-encoded private key.

    Returns
    Type Description
    CpX509Certificate2

    A new certificate with the private key.

    Remarks

    The SubjectPublicKeyInfo from the certificate determines what PEM labels are accepted for the private key. For RSA certificates, accepted private key PEM labels are "RSA PRIVATE KEY" and "PRIVATE KEY". For ECDSA and ECDH certificates, accepted private key PEM labels are "EC PRIVATE KEY" and "PRIVATE KEY". For DSA certificates, the accepted private key PEM label is "PRIVATE KEY".

    PEM-encoded items that have a different label are ignored.

    If the PEM-encoded certificate and private key are in the same text, use the same string for both certPem and keyPem, such as:

    CreateFromPem(combinedCertAndKey, combinedCertAndKey);
    Combined PEM-encoded certificates and keys do not require a specific order. For the certificate, the first certificate with a CERTIFICATE label is loaded. For the private key, the first private key with an acceptable label is loaded. More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

    For password protected PEM-encoded keys, use CreateFromEncryptedPem(ReadOnlySpan<char>, ReadOnlySpan<char>, ReadOnlySpan<char>) to specify a password.

    Exceptions
    Type Condition
    CryptographicException

    The contents of certPem do not contain a PEM-encoded certificate, or it is malformed.

    -or-

    The contents of keyPem do not contain a PEM-encoded private key, or it is malformed.

    -or-

    The contents of keyPem contain a key that does not match the public key in the certificate.

    -or-

    The certificate uses an unknown public key algorithm.

    CreateFromPemFile(string, string?)

    Creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and private key.

    Declaration
    public static X509Certificate2 CreateFromPemFile(string certPemFilePath, string? keyPemFilePath = null)
    Parameters
    Type Name Description
    string certPemFilePath

    The path for the PEM-encoded X509 certificate.

    string keyPemFilePath

    If specified, the path for the PEM-encoded private key. If unspecified, the certPemFilePath file will be used to load the private key.

    Returns
    Type Description
    X509Certificate2

    A new certificate with the private key.

    Remarks

    See ReadAllText(string) for additional documentation about exceptions that can be thrown.

    The SubjectPublicKeyInfo from the certificate determines what PEM labels are accepted for the private key. For RSA certificates, accepted private key PEM labels are "RSA PRIVATE KEY" and "PRIVATE KEY". For ECDSA certificates, accepted private key PEM labels are "EC PRIVATE KEY" and "PRIVATE KEY". For DSA certificates, the accepted private key PEM label is "PRIVATE KEY".

    PEM-encoded items that have a different label are ignored.

    Combined PEM-encoded certificates and keys do not require a specific order. For the certificate, the first certificate with a CERTIFICATE label is loaded. For the private key, the first private key with an acceptable label is loaded. More advanced scenarios for loading certificates and private keys can leverage PemEncoding to enumerate PEM-encoded values and apply any custom loading behavior.

    For password protected PEM-encoded keys, use CreateFromEncryptedPemFile(string, ReadOnlySpan<char>, string?) to specify a password.

    Exceptions
    Type Condition
    CryptographicException

    The contents of the file path in certPemFilePath do not contain a PEM-encoded certificate, or it is malformed.

    -or-

    The contents of the file path in keyPemFilePath do not contain a PEM-encoded private key, or it is malformed.

    -or-

    The contents of the file path in keyPemFilePath contain a key that does not match the public key in the certificate.

    -or-

    The certificate uses an unknown public key algorithm.

    ArgumentNullException

    certPemFilePath is null.

    ExportCertificatePem()

    Exports the public X.509 certificate, encoded as PEM.

    Declaration
    public string ExportCertificatePem()
    Returns
    Type Description
    string

    The PEM encoding of the certificate.

    Remarks

    A PEM-encoded X.509 certificate will begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----, with the base64 encoded DER contents of the certificate between the PEM boundaries.

    The certificate is encoded according to the IETF RFC 7468 "strict" encoding rules.

    Exceptions
    Type Condition
    CryptographicException

    The certificate is corrupt, in an invalid state, or could not be exported to PEM.

    GetCertContentType(byte[])

    Declaration
    public static X509ContentType GetCertContentType(byte[] rawData)
    Parameters
    Type Name Description
    byte[] rawData
    Returns
    Type Description
    X509ContentType

    GetCertContentType(ReadOnlySpan<byte>)

    Indicates the type of certificate contained in the provided data.

    Declaration
    public static X509ContentType GetCertContentType(ReadOnlySpan<byte> rawData)
    Parameters
    Type Name Description
    ReadOnlySpan<byte> rawData

    The data to identify.

    Returns
    Type Description
    X509ContentType

    One of the enumeration values that indicate the content type of the provided data.

    GetCertContentType(string)

    Declaration
    public static X509ContentType GetCertContentType(string fileName)
    Parameters
    Type Name Description
    string fileName
    Returns
    Type Description
    X509ContentType

    GetECDiffieHellmanPrivateKey()

    Gets the ECDiffieHellman private key from this certificate.

    Declaration
    public ECDiffieHellman? GetECDiffieHellmanPrivateKey()
    Returns
    Type Description
    ECDiffieHellman

    The private key, or null if this certificate does not have an ECDiffieHellman private key.

    Exceptions
    Type Condition
    CryptographicException

    The handle is invalid.

    GetECDiffieHellmanPublicKey()

    Gets the ECDiffieHellman public key from this certificate.

    Declaration
    public ECDiffieHellman? GetECDiffieHellmanPublicKey()
    Returns
    Type Description
    ECDiffieHellman

    The public key, or null if this certificate does not have an ECDiffieHellman public key.

    Exceptions
    Type Condition
    CryptographicException

    The handle is invalid.

    GetNameInfo(X509NameType, bool)

    Declaration
    public string GetNameInfo(X509NameType nameType, bool forIssuer)
    Parameters
    Type Name Description
    X509NameType nameType
    bool forIssuer
    Returns
    Type Description
    string

    Import(byte[])

    Declaration
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public override void Import(byte[] rawData)
    Parameters
    Type Name Description
    byte[] rawData
    Overrides
    CpX509Certificate.Import(byte[])

    Import(byte[], SecureString?, X509KeyStorageFlags)

    Declaration
    [CLSCompliant(false)]
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public override void Import(byte[] rawData, SecureString? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    byte[] rawData
    SecureString password
    X509KeyStorageFlags keyStorageFlags
    Overrides
    CpX509Certificate.Import(byte[], SecureString?, X509KeyStorageFlags)

    Import(byte[], string?, X509KeyStorageFlags)

    Declaration
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public override void Import(byte[] rawData, string? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    byte[] rawData
    string password
    X509KeyStorageFlags keyStorageFlags
    Overrides
    CpX509Certificate.Import(byte[], string?, X509KeyStorageFlags)

    Import(string)

    Declaration
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public override void Import(string fileName)
    Parameters
    Type Name Description
    string fileName
    Overrides
    CpX509Certificate.Import(string)

    Import(string, SecureString?, X509KeyStorageFlags)

    Declaration
    [CLSCompliant(false)]
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public override void Import(string fileName, SecureString? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    string fileName
    SecureString password
    X509KeyStorageFlags keyStorageFlags
    Overrides
    CpX509Certificate.Import(string, SecureString?, X509KeyStorageFlags)

    Import(string, string?, X509KeyStorageFlags)

    Declaration
    [Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId = "SYSLIB0026", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
    public override void Import(string fileName, string? password, X509KeyStorageFlags keyStorageFlags)
    Parameters
    Type Name Description
    string fileName
    string password
    X509KeyStorageFlags keyStorageFlags
    Overrides
    CpX509Certificate.Import(string, string?, X509KeyStorageFlags)

    MatchesHostname(string, bool, bool)

    Checks to see if the certificate matches the provided hostname.

    Declaration
    public bool MatchesHostname(string hostname, bool allowWildcards = true, bool allowCommonName = true)
    Parameters
    Type Name Description
    string hostname

    The host name to match against.

    bool allowWildcards

    true to allow wildcard matching for dNSName values in the Subject Alternative Name extension; otherwise, false.

    bool allowCommonName

    true to allow matching against the subject Common Name value; otherwise, false.

    Returns
    Type Description
    bool

    true if the certificate is a match for the requested hostname; otherwise, false.

    Remarks

    This method is a platform neutral implementation of IETF RFC 6125 host matching logic. The SslStream class uses the hostname validator from the operating system, which may result in different values from this implementation.

    The logical flow of this method is:

    • If the hostname parses as an IPAddress then IPAddress matching is done; otherwise, DNS Name matching is done.
    • For IPAddress matching, the value must be an exact match against an iPAddress value in an entry of the Subject Alternative Name extension.
    • For DNS Name matching, the value must be an exact match against a dNSName value in an entry of the Subject Alternative Name extension, or, when allowWildcards is true, a wildcard match against the same.
    • For wildcard matching, the wildcard must be the first character in the dNSName entry, the second character must be a period (.), and the entry must have a length greater than two. The wildcard will only match the hostname value up to the first period (.), remaining characters must be an exact match.
    • If there is no Subject Alternative Name extension, or the extension does not have any entries of the appropriate type, then Common Name matching is used as a fallback, provided allowCommonName is true.
    • For Common Name matching, if the Subject Name contains a single Common Name, and that attribute is not defined as part of a multi-valued Relative Distinguished Name, then the hostname is matched against the Common Name attribute's value. Note that wildcards are not used in Common Name matching.

    This implementation considers SRV-ID values or URI-ID values as out-of-scope, and will not use their presence as a reason to stop the fallback from DNS-ID matching to the CN-ID.

    This method does not convert non-ASCII hostnames to the IDNA representation. For Unicode domains, the caller must make use of IdnMapping or an equivalent IDNA mapper.

    The "exact" matches performed by this routine are OrdinalIgnoreCase, as domain names are not case-sensitive.

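    This method does not determine if the hostname is authorized by a trusted authority. A trust decision cannot be made without additionally checking for trust via X509Chain. A true result means only that the name matches; on its own it does not show that the certificate should be trusted.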

    This method does not check that the certificate has an id-kp-serverAuth (1.3.6.1.5.5.7.3.1) extended key usage.

    Exceptions
    Type Condition
    ArgumentException

    The hostname parameter is not a valid DNS hostname or IP address.

    CryptographicException

    The certificate contains multiple Subject Alternative Name extensions.

    - or -

    The Subject Alternative Name extension or Subject Name could not be decoded.

    See Also
    TryParse(string, out IPAddress)
    CheckHostName(string)

    Reset()

    Declaration
    public override void Reset()
    Overrides
    CpX509Certificate.Reset()

    ToString()

    Returns a string that represents the current object.

    Declaration
    public override string ToString()
    Returns
    Type Description
    string

    A string that represents the current object.

    Overrides
    CpX509Certificate.ToString()

    ToString(bool)

    Declaration
    public override string ToString(bool verbose)
    Parameters
    Type Name Description
    bool verbose
    Returns
    Type Description
    string
    Overrides
    CpX509Certificate.ToString(bool)

    TryExportCertificatePem(Span<char>, out int)

    Attempts to export the public X.509 certificate, encoded as PEM.

    Declaration
    public bool TryExportCertificatePem(Span<char> destination, out int charsWritten)
    Parameters
    Type Name Description
    Span<char> destination

    The buffer to receive the PEM encoded certificate.

    int charsWritten

    When this method returns, the total number of characters written to destination.

    Returns
    Type Description
    bool

    true if destination was large enough to receive the encoded PEM; otherwise, false.

    Remarks

    A PEM-encoded X.509 certificate will begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----, with the base64 encoded DER contents of the certificate between the PEM boundaries.

    The certificate is encoded according to the IETF RFC 7468 "strict" encoding rules.

    Exceptions
    Type Condition
    CryptographicException

    The certificate is corrupt, in an invalid state, or could not be exported to PEM.

    Verify()

    Declaration
    public bool Verify()
    Returns
    Type Description
    bool

    Implements

    IDisposable
    IDeserializationCallback
    ISerializable

    Extension Methods

    GostCertificateExtensions.CopyWithPrivateKey(CpX509Certificate2, Gost3410)
    GostCertificateExtensions.CopyWithPrivateKey(CpX509Certificate2, Gost3410_2012_256)
    GostCertificateExtensions.CopyWithPrivateKey(CpX509Certificate2, Gost3410_2012_512)
    GostCertificateExtensions.GetGost3410PrivateKey(CpX509Certificate2)
    GostCertificateExtensions.GetGost3410PublicKey(CpX509Certificate2)
    GostCertificateExtensions.GetGost3410_2012_256PrivateKey(CpX509Certificate2)
    GostCertificateExtensions.GetGost3410_2012_256PublicKey(CpX509Certificate2)
    GostCertificateExtensions.GetGost3410_2012_512PrivateKey(CpX509Certificate2)
    GostCertificateExtensions.GetGost3410_2012_512PublicKey(CpX509Certificate2)
    RSACertificateExtensions.CopyWithPrivateKey(CpX509Certificate2, CpRSA)
    RSACertificateExtensions.GetRSAPrivateKey(CpX509Certificate2)
    RSACertificateExtensions.GetRSAPublicKey(CpX509Certificate2)