HOWTO: Validating X.509 certificates on Xamarin.Android and Xamarin.iOS

As of January 2020, the standard .NET API for X.509 certificate validation (the X509Chain.Build method) still does not appear to be working properly. To make it easy for our users to validate certificates on Xamarin platforms, we introduced a set of Rebex.Common.Native.dll assemblies that use the APIs of Xamarin.Android's Java interop and Xamarin.iOS's Security namespace to provide an X.509 certificate validator suitable for these two Xamarin platforms.

Usage instructions

The Rebex.Common.Native.dll assemblies can be found in the "bin/xamarin.android" and "bin/xamarin.ios" subfolders of the Rebex components install folder. Alternatively, they are distributed as a NuGet package, which also provides a compatible API for other mainstream platforms.

To enable a certificate validator suitable for Xamarin.Android and/or Xamarin.iOS, add a reference to the Rebex.Common.Native assembly (or the NuGet package) to your project, and use the NativeCertificateEngine class as your certificate engine:

using Rebex.Security.Certificates;
...

CertificateEngine.SetCurrentEngine(new NativeCertificateEngine());

Once this is done, Rebex components will use NativeCertificateEngine for certificate validation and chain building.

Limitations

NativeCertificateEngine does not currently support ValidationOptions.
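
The following added example (not part of the original Rebex article) shows the engine being selected and a server certificate then being validated with no ValidationOptions, rejecting the connection whenever validation fails. The class name TlsCertificatePolicy, the startup call site, and the use of the ValidatingCertificate event with SslCertificateValidationEventArgs are assumptions about how the application is wired up.

```csharp
using System.Diagnostics;
using Rebex.Net;
using Rebex.Security.Certificates;

// Hypothetical helper class; the name and layout are assumptions of this example.
public static class TlsCertificatePolicy
{
    // Assumed to be called once at application startup,
    // before any Rebex client object opens a TLS connection.
    public static void Initialize()
    {
        CertificateEngine.SetCurrentEngine(new NativeCertificateEngine());
    }

    // Handler for a Rebex client's ValidatingCertificate event, e.g.
    //   client.ValidatingCertificate += TlsCertificatePolicy.OnValidatingCertificate;
    public static void OnValidatingCertificate(object sender, SslCertificateValidationEventArgs e)
    {
        // NativeCertificateEngine does not support ValidationOptions,
        // so the chain is validated with ValidationOptions.None.
        ValidationResult result = e.CertificateChain.Validate(e.ServerName, ValidationOptions.None);

        if (result.Valid)
        {
            e.Accept();
            return;
        }

        // Fail closed: log the platform validator's status flags and reject.
        // No fallback path accepts a chain the native validator refused.
        Debug.WriteLine("Certificate for " + e.ServerName + " rejected: " + result.Status);
        e.Reject();
    }
}
```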