X509ChainStatusFlags Enum

Definition

Namespace:

System.Security.Cryptography.X509Certificates

Assembly:

System.Security.Cryptography.dll

Defines the status of an X509 chain.

This enumeration supports a bitwise combination of its member values.

public enum class X509ChainStatusFlags

[System.Flags]
public enum X509ChainStatusFlags

[<System.Flags>]
type X509ChainStatusFlags = 

Public Enum X509ChainStatusFlags

Inheritance

Object

ValueType

Enum

X509ChainStatusFlags

Attributes

FlagsAttribute

Fields

NoError	0	Specifies that the X509 chain has no errors.
NotTimeValid	1	Specifies that the X509 chain is not valid due to an invalid time value, such as a value that indicates an expired certificate.
NotTimeNested	2	Deprecated. Specifies that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested.
Revoked	4	Specifies that the X509 chain is invalid due to a revoked certificate.
NotSignatureValid	8	Specifies that the X509 chain is invalid due to an invalid certificate signature.
NotValidForUsage	16	Specifies that the key usage is not valid.
UntrustedRoot	32	Specifies that the X509 chain is invalid due to an untrusted root certificate.
RevocationStatusUnknown	64	Specifies that it is not possible to determine whether the certificate has been revoked. This can be due to the certificate revocation list (CRL) being offline or unavailable.
Cyclic	128	Specifies that the X509 chain could not be built.
InvalidExtension	256	Specifies that the X509 chain is invalid due to an invalid extension.
InvalidPolicyConstraints	512	Specifies that the X509 chain is invalid due to invalid policy constraints.
InvalidBasicConstraints	1024	Specifies that the X509 chain is invalid due to invalid basic constraints.
InvalidNameConstraints	2048	Specifies that the X509 chain is invalid due to invalid name constraints.
HasNotSupportedNameConstraint	4096	Specifies that the certificate does not have a supported name constraint or has a name constraint that is unsupported.
HasNotDefinedNameConstraint	8192	Specifies that the certificate has an undefined name constraint.
HasNotPermittedNameConstraint	16384	Specifies that the certificate has an impermissible name constraint.
HasExcludedNameConstraint	32768	Specifies that the X509 chain is invalid because a certificate has excluded a name constraint.
PartialChain	65536	Specifies that the X509 chain could not be built up to the root certificate.
CtlNotTimeValid	131072	Specifies that the certificate trust list (CTL) is not valid because of an invalid time value, such as one that indicates that the CTL has expired.
CtlNotSignatureValid	262144	Specifies that the certificate trust list (CTL) contains an invalid signature.
CtlNotValidForUsage	524288	Specifies that the certificate trust list (CTL) is not valid for this use.
HasWeakSignature	1048576	Specifies that the certificate has not been strong signed. Typically, this indicates that the MD2 or MD5 hashing algorithms were used to create a hash of the certificate.
OfflineRevocation	16777216	Specifies that the online certificate revocation list (CRL) the X509 chain relies on is currently offline.
NoIssuanceChainPolicy	33554432	Specifies that there is no certificate policy extension in the certificate. This error would occur if a group policy has specified that all certificates must have a certificate policy.
ExplicitDistrust	67108864	Specifies that the certificate is explicitly distrusted.
HasNotSupportedCriticalExtension	134217728	Specifies that the certificate does not support a critical extension.

Remarks

This enumeration is used in conjunction with the X509ChainStatus structure and the ChainStatus property.

The flags ExplicitDistrust, HasNotSupportedCriticalExtension and HasWeakSignature were introduced with the .NET Framework 4.6.1.