Rebex Secure Mail
SMTP, IMAP, EWS, POP3, S/MIME .NET library
Download 30-day free trial Buy from $299More .NET libraries
-
Rebex FTP/SSL
.NET FTP client
-
Rebex MSG
Outlook MSG file format library
-
Rebex Total Pack
All Rebex .NET libraries together
Back to feature list...
X.509 certificates
On this page:
Certificates are used in TLS/SSL to validate a server in order to make sure you are connecting to the right one. Certificates can be used for client authentication as well. For more information, read our Introduction to Public Key Certificates.
Rebex Secure Mail has its own Certificate class for working with X.509 v3 certificates. It provides the following operations:
Loading certificates
A certificate can be loaded from:
- PKCS #12 (.p7b) and PFX (.pfx) files. These usually contain a private key.
- DER files (.der/.cer), either binary or Base64-encoded. Private key can be loaded from an external key file.
// load a certificate with private key from a PFX file var cert1 = Certificate.LoadPfx(pfxPath, pfxPassword); // load a certificate without a private key from a DER file var cert2 = Certificate.LoadDer(derPath); // load a certificate from a DER file and a private key from a key file var cert3 = Certificate.LoadDerWithKey(derPath, keyPath, keyPassword);
' load a certificate with private key from a PFX file Dim cert1 = Certificate.LoadPfx(pfxPath, pfxPassword) ' load a certificate without a private key from a DER file Dim cert2 = Certificate.LoadDer(derPath) ' load a certificate from a DER file and a private key from a key file Dim cert3 = Certificate.LoadDerWithKey(derPath, keyPath, keyPassword)
Saving certificates
A certificate can be saved either to a PKCS #12 or PFX file or to a DER file.
A certificate's private key (if exportable) can be saved either as a part of PFX file or separately using PKCS #8, PuTTY or OpenSSH format.
// save a certificate with private key to a PFX file cert.Save(@"c:\MyData\cert.pfx", CertificateFormat.Pfx, "password"); // save a certificate to a DER file cert.Save(@"c:\MyData\cert.der", CertificateFormat.Der); // save certificate's private key to a base-64 encoded PKCS #8 file cert.SavePrivateKey(@"c:\MyData\cert.key", "password", PrivateKeyFormat.OpenSsh, true);
' save a certificate with private key to a PFX file
cert.Save("c:\MyData\cert.pfx", CertificateFormat.Pfx, "password")
' save a certificate to a DER file
cert.Save("c:\MyData\cert.der", CertificateFormat.Der)
' save certificate's private key to a base-64 encoded PKCS #8 file
cert.SavePrivateKey("c:\MyData\cert.key", "password", PrivateKeyFormat.Base64Pkcs8, True)
Validating certificates
To check whether a certificate is valid and trusted by Windows certificate infrastructure,
use Certificate.Validate method.
Legacy Windows CE platforms don't natively support certificates signed using algorithms based on SHA-2 hashes. As a workaround for this major OS limitation, we introduced a built-in certificate validator in the 2016 R3 release.
// validate a certificate
var res1 = cert.Validate();
if (!res1.Valid)
Console.Write("Validation failed: {0} (error {1}).", res1.Status, res1.NativeErrorCode);
// validate a server certificate for 'serverName',
// skip revocation check and don't care if it's expired or not valid yet
var res2 = cert.Validate(serverName,
ValidationOptions.SkipRevocationCheck |
ValidationOptions.IgnoreTimeNotValid);
if (!res2.Valid)
Console.Write("Validation failed: {0} (error {1}).", res2.Status, res2.NativeErrorCode);
' validate a certificate
Dim res1 = cert.Validate()
If Not res1.Valid Then
Console.Write("Validation failed: {0} (error {1}).", res1.Status, res1.NativeErrorCode)
End If
' validate a server certificate for 'serverName',
' skip revocation check and don't care if it's expired or not valid yet
Dim res2 = cert.Validate(serverName, _
ValidationOptions.SkipRevocationCheck Or _
ValidationOptions.IgnoreTimeNotValid)
If Not res2.Valid Then
Console.Write("Validation failed: {0} (error {1}).", res2.Status, res2.NativeErrorCode)
End If
Windows certificate store management
Microsoft Windows provides a system-wide storage for X.509 certificates and private keys. The storage is used by applications such as Internet Explorer, Google Chrome, Microsoft Outlook or Windows Live Mail.
Windows certificate store can be managed using Rebex Secure Mail CertificateStore class:
Manage personal certificate store
// load a certificate from file
var cert = Certificate.LoadPfx(certPath, certPassword, KeySetOptions.Exportable);
// add the certificate to the "Personal Certificates" store
var store = new CertificateStore(CertificateStoreName.My);
store.Add(cert);
// find all not-expired certificates from issuer named "TestCA"
var dn = new DistinguishedName("CN=TestCA, O=Rebex, C=CZ");
var found = store.FindCertificates(dn, CertificateFindOptions.IsTimeValid);
Console.WriteLine("{0} certificates found.", found.Length);
// remove the certificate from store
store.Remove(cert);
' load a certificate from file
Dim cert = Certificate.LoadPfx(certPath, certPassword, KeySetOptions.Exportable)
' add the certificate to the "Personal Certificates" store
Dim store = New CertificateStore(CertificateStoreName.My)
store.Add(cert)
' find all not-expired certificates from issuer named "TestCA"
Dim dn = New DistinguishedName("CN=TestCA, O=Rebex, C=CZ")
Dim found = store.FindCertificates(dn, CertificateFindOptions.IsTimeValid)
Console.WriteLine("{0} certificates found.", found.Length)
' remove the certificate from store
store.Remove(cert)
Add a certificate to trusted root certification authorities store
// load a certificate from file var cert = Certificate.LoadDer(certPath); // add the certificate to the "Trusted Root Certificates" store var store = new CertificateStore(CertificateStoreName.Root); store.Add(cert);
' load a certificate from file Dim cert = Certificate.LoadDer(certPath) ' add the certificate to the "Trusted Root Certificates" store Dim store = New CertificateStore(CertificateStoreName.Root) store.Add(cert)
Back to feature list...