X509Chain.ChainPolicy Property

Definition

Namespace:

System.Security.Cryptography.X509Certificates

Assembly:

System.Security.Cryptography.dll

Source:

X509Chain.cs

Gets or sets the X509ChainPolicy to use when building an X.509 certificate chain.

public:
 property System::Security::Cryptography::X509Certificates::X509ChainPolicy ^ ChainPolicy { System::Security::Cryptography::X509Certificates::X509ChainPolicy ^ get(); void set(System::Security::Cryptography::X509Certificates::X509ChainPolicy ^ value); };

public System.Security.Cryptography.X509Certificates.X509ChainPolicy ChainPolicy { get; set; }

member this.ChainPolicy : System.Security.Cryptography.X509Certificates.X509ChainPolicy with get, set

Public Property ChainPolicy As X509ChainPolicy

Property Value

X509ChainPolicy

The X509ChainPolicy object associated with this X.509 chain.

Exceptions

ArgumentNullException

The value being set for this property is null.

Examples

The following code example opens the current user's personal certificate store, allows you to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

//Output chain information of the selected certificate.
X509Chain ^ ch = gcnew X509Chain;
ch->ChainPolicy->RevocationMode = X509RevocationMode::Online;
ch->Build( certificate );
Console::WriteLine( "Chain Information" );
Console::WriteLine( "Chain revocation flag: {0}", ch->ChainPolicy->RevocationFlag );
Console::WriteLine( "Chain revocation mode: {0}", ch->ChainPolicy->RevocationMode );
Console::WriteLine( "Chain verification flag: {0}", ch->ChainPolicy->VerificationFlags );
Console::WriteLine( "Chain verification time: {0}", ch->ChainPolicy->VerificationTime );
Console::WriteLine( "Chain status length: {0}", ch->ChainStatus->Length );
Console::WriteLine( "Chain application policy count: {0}", ch->ChainPolicy->ApplicationPolicy->Count );
Console::WriteLine( "Chain certificate policy count: {0} {1}", ch->ChainPolicy->CertificatePolicy->Count, Environment::NewLine );

//Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
ch.Build (certificate);
Console.WriteLine ("Chain Information");
Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

'Output chain information of the selected certificate.
Dim ch As New X509Chain()
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
ch.Build(certificate)
Console.WriteLine("Chain Information")
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)

Remarks

Use this property to set chain policy. For example, you can specify the Enhanced Key Usage (EKU) for which the chain should be validated, or specify revocation checking.