class System.​Security.​Cryptography.​X509Certificates.​X509Certificate2
Assembly: System.Security.Cryptography
Inheritance: object → X509Certificate → X509Certificate2
Implemented Interfaces
- IDisposable Implemented by: X509Certificate
- Runtime.​Serialization.​IDeserializationCallback Implemented by: X509Certificate
- Runtime.​Serialization.​ISerializable Implemented by: X509Certificate
Represents an X.509 certificate.
Properties
public
bool
Archived
Gets or sets a value indicating that an X.509 certificate is archived.
public
X509ExtensionCollection
Extensions
Gets a collection of X509Extension objects.
public
string
FriendlyName
Gets or sets the associated alias for a certificate.
public
bool
HasPrivateKey
Gets a value that indicates whether an X509Certificate2 object contains a private key.
public
X500DistinguishedName
IssuerName
Gets the distinguished name of the certificate issuer.
public
DateTime
NotAfter
Gets the date in local time after which a certificate is no longer valid.
public
DateTime
NotBefore
Gets the date in local time on which a certificate becomes valid.
public
AsymmetricAlgorithm
PrivateKey
Gets or sets the AsymmetricAlgorithm object that represents the private key associated with a certificate.
public
PublicKey
PublicKey
Gets a PublicKey object associated with a certificate.
public
byte[]
RawData
Gets the raw X.509 public data of a certificate.
public
ReadOnlyMemory<​byte>
RawDataMemory
Gets the raw X.509 public data of a certificate.
public
string
SerialNumber
Gets the serial number of a certificate as a big-endian hexadecimal string.
public
Oid
SignatureAlgorithm
Gets the algorithm used to create the signature of a certificate.
public
X500DistinguishedName
SubjectName
Gets the subject distinguished name from a certificate.
public
string
Thumbprint
Gets the thumbprint of a certificate.
public
int
Version
Gets the X.509 format version of a certificate.
public
nint
Handle
Gets a handle to a Microsoft Cryptographic API certificate context described by an unmanaged PCCERT_CONTEXT structure.
public
string
Issuer
Gets the name of the certificate authority that issued the X.509v3 certificate.
public
ReadOnlyMemory<​byte>
SerialNumberBytes
Gets the big-endian representation of the certificate's serial number.
public
string
Subject
Gets the subject distinguished name from the certificate.
Methods
public
X509Certificate2
CopyWithPrivateKey(CompositeMLDsa privateKey)
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
Returns A new certificate with the HasPrivateKey property set to true. The current certificate isn't modified.
privateKey
The Composite ML-DSA private key that corresponds to the Composite ML-DSA public key in this certificate.
public
X509Certificate2
CopyWithPrivateKey​(ECDiffieHellman privateKey)
Combines a private key with the public key of an ECDiffieHellman certificate to generate a new ECDiffieHellman certificate.
Returns A new ECDiffieHellman certificate with the HasPrivateKey property set to true.
The current certificate isn't modified.
privateKey
The private ECDiffieHellman key.
public
X509Certificate2
CopyWithPrivateKey(MLDsa privateKey)
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
Returns A new certificate with the HasPrivateKey property set to true. The current certificate isn't modified.
privateKey
The ML-DSA private key that corresponds to the ML-DSA public key in this certificate.
public
X509Certificate2
CopyWithPrivateKey(MLKem privateKey)
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
Returns A new certificate with the HasPrivateKey property set to true. The current certificate isn't modified.
privateKey
The ML-KEM private key that corresponds to the ML-KEM public key in this certificate.
public
X509Certificate2
CopyWithPrivateKey(SlhDsa privateKey)
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
Returns A new certificate with the HasPrivateKey property set to true. The current certificate isn't modified.
privateKey
The SLH-DSA private key that corresponds to the SLH-DSA public key in this certificate.
public static
X509Certificate2
CreateFromEncryptedPem​(ReadOnlySpan<​char> certPem,
ReadOnlySpan<​char> keyPem,
ReadOnlySpan<​char> password)
Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate and password protected private key.
Returns A new certificate with the private key.
certPem
The text of the PEM-encoded X509 certificate.
keyPem
The text of the password protected PEM-encoded private key.
password
The password for the encrypted PEM.
public static
X509Certificate2
CreateFromEncryptedPemFile​(string certPemFilePath,
ReadOnlySpan<​char> password,
string keyPemFilePath = null)
Creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and password protected private key.
Returns A new certificate with the private key.
certPemFilePath
The path for the PEM-encoded X509 certificate.
password
The password for the encrypted PEM.
keyPemFilePath
If specified, the path for the password protected PEM-encoded private key.
If unspecified, the certPemFilePath file will be used to load the private key.
public static
X509Certificate2
CreateFromPem​(ReadOnlySpan<​char> certPem)
Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate.
Returns A new X509 certificate.
certPem
The text of the PEM-encoded X509 certificate.
public static
X509Certificate2
CreateFromPem​(ReadOnlySpan<​char> certPem,
ReadOnlySpan<​char> keyPem)
Creates a new X509 certificate from the contents of an RFC 7468 PEM-encoded certificate and private key.
Returns A new certificate with the private key.
certPem
The text of the PEM-encoded X509 certificate.
keyPem
The text of the PEM-encoded private key.
public static
X509Certificate2
CreateFromPemFile​(string certPemFilePath,
string keyPemFilePath = null)
Creates a new X509 certificate from the file contents of an RFC 7468 PEM-encoded certificate and private key.
Returns A new certificate with the private key.
certPemFilePath
The path for the PEM-encoded X509 certificate.
keyPemFilePath
If specified, the path for the PEM-encoded private key.
If unspecified, the certPemFilePath file will be used to load the private key.
public
string
ExportCertificatePem​()
Exports the public X.509 certificate, encoded as PEM.
Returns The PEM encoding of the certificate.
public static
X509ContentType
GetCertContentType​(byte[] rawData)
Indicates the type of certificate contained in a byte array.
Returns An X509ContentType object.
rawData
A byte array containing data from an X.509 certificate.
public static
X509ContentType
GetCertContentType​(ReadOnlySpan<​byte> rawData)
Indicates the type of certificate contained in the provided data.
Returns One of the enumeration values that indicate the content type of the provided data.
rawData
The data to identify.
public static
X509ContentType
GetCertContentType​(string fileName)
Indicates the type of certificate contained in a file.
Returns An X509ContentType object.
fileName
The name of a certificate file.
public
CompositeMLDsa
GetCompositeMLDsaPrivateKey​()
Gets the CompositeMLDsa private key from this certificate.
Returns The private key, or null if this certificate does not have a Composite ML-DSA private key.
public
CompositeMLDsa
GetCompositeMLDsaPublicKey​()
Gets the CompositeMLDsa public key from this certificate.
Returns The public key, or null if this certificate does not have a Composite ML-DSA public key.
public
ECDiffieHellman
GetECDiffieHellmanPrivateKey​()
Gets the ECDiffieHellman private key from this certificate.
Returns The private key, or null if this certificate does not have an ECDiffieHellman private key.
public
ECDiffieHellman
GetECDiffieHellmanPublicKey​()
Gets the ECDiffieHellman public key from this certificate.
Returns The public key, or null if this certificate does not have an ECDiffieHellman public key.
public
MLDsa
GetMLDsaPrivateKey​()
Gets the MLDsa private key from this certificate.
Returns The private key, or null if this certificate does not have an ML-DSA private key.
public
MLDsa
GetMLDsaPublicKey​()
Gets the MLDsa public key from this certificate.
Returns The public key, or null if this certificate does not have an ML-DSA public key.
public
MLKem
GetMLKemPrivateKey​()
Gets the MLKem private key from this certificate.
Returns The private key, or null if this certificate does not have an ML-KEM private key.
public
MLKem
GetMLKemPublicKey​()
Gets the MLKem public key from this certificate.
Returns The public key, or null if this certificate does not have an ML-KEM public key.
public
string
GetNameInfo​(X509NameType nameType,
bool forIssuer)
Gets the subject and issuer names from a certificate.
Returns The name of the certificate.
nameType
The X509NameType value for the subject.
forIssuer
true to include the issuer name; otherwise, false.
public
SlhDsa
GetSlhDsaPrivateKey​()
Gets the SlhDsa private key from this certificate.
Returns The private key, or null if this certificate does not have an SLH-DSA private key.
public
SlhDsa
GetSlhDsaPublicKey​()
Gets the SlhDsa public key from this certificate.
Returns The public key, or null if this certificate does not have an SLH-DSA public key.
public
void
Import​(byte[] rawData)
Populates an X509Certificate2 object with data from a byte array.
rawData
A byte array containing data from an X.509 certificate.
public
void
Import​(byte[] rawData,
SecureString? password,
X509KeyStorageFlags keyStorageFlags)
Populates an X509Certificate2 object using data from a byte array, a password, and a key storage flag.
rawData
A byte array that contains data from an X.509 certificate.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
public
void
Import​(byte[] rawData,
string password,
X509KeyStorageFlags keyStorageFlags)
Populates an X509Certificate2 object using data from a byte array, a password, and flags for determining how to import the private key.
rawData
A byte array containing data from an X.509 certificate.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
public
void
Import​(string fileName)
Populates an X509Certificate2 object with information from a certificate file.
fileName
The name of a certificate.
public
void
Import​(string fileName,
SecureString? password,
X509KeyStorageFlags keyStorageFlags)
Populates an X509Certificate2 object with information from a certificate file, a password, and a key storage flag.
fileName
The name of a certificate file.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
public
void
Import​(string fileName,
string password,
X509KeyStorageFlags keyStorageFlags)
Populates an X509Certificate2 object with information from a certificate file, a password, and an X509KeyStorageFlags value.
fileName
The name of a certificate file.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
public
bool
MatchesHostname​(string hostname,
bool allowWildcards = true,
bool allowCommonName = true)
Checks to see if the certificate matches the provided host name.
Returns true if the certificate is a match for the requested hostname; otherwise, false.
hostname
The host name to match against.
allowWildcards
true to allow wildcard matching for dNSName values in the Subject Alternative Name extension; otherwise, false.
allowCommonName
true to allow matching against the subject Common Name value; otherwise, false.
public
void
Reset​()
Resets the state of an X509Certificate2 object.
public
string
ToString​()
Displays an X.509 certificate in text format.
Returns The certificate information.
public
string
ToString​(bool verbose)
Displays an X.509 certificate in text format.
Returns The certificate information.
verbose
true to display the public key, private key, extensions, and so forth; false to display information that is similar to the X509Certificate2 class, including thumbprint, serial number, subject and issuer names, and so on.
public
bool
TryExportCertificatePem​(Span<​char> destination,
out int charsWritten)
public
bool
Verify​()
Performs an X.509 chain validation using basic validation policy.
Returns true if the validation succeeds; false if the validation fails.
public
void
Dispose​()
Inherited from X509Certificate
Releases all resources used by the current X509Certificate object.
protected
void
Dispose​(bool disposing)
Inherited from X509Certificate
Releases all of the unmanaged resources used by this X509Certificate and optionally releases the managed resources.
disposing
true to release both managed and unmanaged resources; false to release only unmanaged resources.
public
bool
Equals​(object obj)
Inherited from X509Certificate
Compares two X509Certificate objects for equality.
Returns true if the current X509Certificate object is equal to the object specified by the obj parameter; otherwise, false.
obj
An X509Certificate object to compare to the current object.
public
bool
Equals​(X509Certificate other)
Inherited from X509Certificate
Compares two X509Certificate objects for equality.
Returns true if the current X509Certificate object is equal to the object specified by the other parameter; otherwise, false.
other
An X509Certificate object to compare to the current object.
public
byte[]
Export​(X509ContentType contentType)
Inherited from X509Certificate
Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values.
Returns An array of bytes that represents the current X509Certificate object.
contentType
One of the X509ContentType values that describes how to format the output data.
public
byte[]
Export​(X509ContentType contentType,
SecureString? password)
Inherited from X509Certificate
Exports the current X509Certificate object to a byte array using the specified format and a password.
Returns A byte array that represents the current X509Certificate object.
contentType
One of the X509ContentType values that describes how to format the output data.
password
The password required to access the X.509 certificate data.
public
byte[]
Export​(X509ContentType contentType,
string password)
Inherited from X509Certificate
Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values, and using the specified password.
Returns An array of bytes that represents the current X509Certificate object.
contentType
One of the X509ContentType values that describes how to format the output data.
password
The password required to access the X.509 certificate data.
public
byte[]
ExportPkcs12​(PbeParameters exportParameters,
string password)
Inherited from X509Certificate
Exports the certificate and private key in PKCS#12 / PFX format.
Returns A byte array containing the encoded PKCS#12.
exportParameters
The algorithm parameters to use for the export.
password
The password to use for the export.
public
byte[]
ExportPkcs12​(Pkcs12ExportPbeParameters exportParameters,
string password)
Inherited from X509Certificate
Exports the certificate and private key in PKCS#12 / PFX format.
Returns A byte array containing the encoded PKCS#12.
exportParameters
The algorithm parameters to use for the export.
password
The password to use for the export.
public
byte[]
GetCertHash​()
Inherited from X509Certificate
Returns the hash value for the X.509v3 certificate as an array of bytes.
Returns The hash value for the X.509 certificate.
public
byte[]
GetCertHash​(HashAlgorithmName hashAlgorithm)
Inherited from X509Certificate
Returns the hash value for the X.509v3 certificate that is computed by using the specified cryptographic hash algorithm.
Returns A byte array that contains the hash value for the X.509 certificate.
hashAlgorithm
The name of the cryptographic hash algorithm to use.
public
string
GetCertHashString​()
Inherited from X509Certificate
Returns the SHA-1 hash value for the X.509v3 certificate as a hexadecimal string.
Returns The hexadecimal string representation of the X.509 certificate hash value.
public
string
GetCertHashString​(HashAlgorithmName hashAlgorithm)
Inherited from X509Certificate
Returns a hexadecimal string containing the hash value for the X.509v3 certificate computed using the specified cryptographic hash algorithm.
Returns The hexadecimal string representation of the X.509 certificate hash value.
hashAlgorithm
The name of the cryptographic hash algorithm to use.
public
string
GetEffectiveDateString​()
Inherited from X509Certificate
Returns the effective date of this X.509v3 certificate.
Returns The effective date for this X.509 certificate.
public
string
GetExpirationDateString​()
Inherited from X509Certificate
Returns the expiration date of this X.509v3 certificate.
Returns The expiration date for this X.509 certificate.
public
string
GetFormat​()
Inherited from X509Certificate
Returns the name of the format of this X.509v3 certificate.
Returns The format of this X.509 certificate.
public
int
GetHashCode​()
Inherited from X509Certificate
Returns the hash code for the X.509v3 certificate as an integer.
Returns The hash code for the X.509 certificate as an integer.
public
string
GetIssuerName​()
Inherited from X509Certificate
Returns the name of the certification authority that issued the X.509v3 certificate.
Returns The name of the certification authority that issued the X.509 certificate.
public
string
GetKeyAlgorithm​()
Inherited from X509Certificate
Returns the key algorithm information for this X.509v3 certificate as a string.
Returns The key algorithm information for this X.509 certificate as a string.
public
byte[]
GetKeyAlgorithmParameters​()
Inherited from X509Certificate
Returns the key algorithm parameters for the X.509v3 certificate as an array of bytes.
Returns The key algorithm parameters for the X.509 certificate as an array of bytes.
public
string
GetKeyAlgorithmParametersString​()
Inherited from X509Certificate
Returns the key algorithm parameters for the X.509v3 certificate as a hexadecimal string.
Returns The key algorithm parameters for the X.509 certificate as a hexadecimal string.
public
string
GetName​()
Inherited from X509Certificate
Returns the name of the principal to which the certificate was issued.
Returns The name of the principal to which the certificate was issued.
public
byte[]
GetPublicKey​()
Inherited from X509Certificate
Returns the public key for the X.509v3 certificate as an array of bytes.
Returns The public key for the X.509 certificate as an array of bytes.
public
string
GetPublicKeyString​()
Inherited from X509Certificate
Returns the public key for the X.509v3 certificate as a hexadecimal string.
Returns The public key for the X.509 certificate as a hexadecimal string.
public
byte[]
GetRawCertData​()
Inherited from X509Certificate
Returns the raw data for the entire X.509v3 certificate as an array of bytes.
Returns A byte array containing the X.509 certificate data.
public
string
GetRawCertDataString​()
Inherited from X509Certificate
Returns the raw data for the entire X.509v3 certificate as a hexadecimal string.
Returns The X.509 certificate data as a hexadecimal string.
public
byte[]
GetSerialNumber​()
Inherited from X509Certificate
Returns the serial number of the X.509v3 certificate as an array of bytes in little-endian order.
Returns The serial number of the X.509 certificate as an array of bytes in little-endian order.
public
string
GetSerialNumberString​()
Inherited from X509Certificate
Returns the serial number of the X.509v3 certificate as a big-endian hexadecimal string.
Returns The serial number of the X.509 certificate as a big-endian hexadecimal string.
public
bool
TryGetCertHash​(HashAlgorithmName hashAlgorithm,
Span<​byte> destination,
out int bytesWritten)
Inherited from X509Certificate
protected
void
Finalize​()
Inherited from object
protected
object
MemberwiseClone​()
Inherited from object
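Example for MatchesHostname, listed above: this is an added example, not code from the original page or from the .NET project. It shows how the allowWildcards and allowCommonName parameters change the result for a certificate with a wildcard dNSName and for one that carries its host name only in the subject Common Name. The helper names MakeCert and Check and all host names are hypothetical, and the code assumes a .NET runtime that provides MatchesHostname.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

internal static class HostnameMatchDemo
{
    // Hypothetical helper: builds a throwaway self-signed certificate.
    // All names are constructed and live under the reserved .test TLD.
    private static X509Certificate2 MakeCert(string subject, params string[] dnsNames)
    {
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var request = new CertificateRequest(subject, key, HashAlgorithmName.SHA256);

        if (dnsNames.Length > 0)
        {
            // dNSName entries go into the Subject Alternative Name extension.
            var san = new SubjectAlternativeNameBuilder();
            foreach (string name in dnsNames)
            {
                san.AddDnsName(name);
            }
            request.CertificateExtensions.Add(san.Build());
        }

        DateTimeOffset now = DateTimeOffset.UtcNow;
        return request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(1));
    }

    // Hypothetical helper: evaluates one combination and prints the outcome.
    private static void Check(string label, X509Certificate2 cert, string host,
                              bool allowWildcards, bool allowCommonName)
    {
        bool match = cert.MatchesHostname(host, allowWildcards, allowCommonName);
        Console.WriteLine(
            $"{label,-12} host={host,-22} wildcards={allowWildcards,-5} " +
            $"commonName={allowCommonName,-5} => {match}");
    }

    private static void Main()
    {
        // Certificate A: wildcard dNSName in the SAN extension.
        using X509Certificate2 wildcardSan =
            MakeCert("CN=unrelated.example.test", "*.example.test");
        // Certificate B: no SAN extension, host name only in the subject CN.
        using X509Certificate2 cnOnly = MakeCert("CN=legacy.example.test");

        // Same host, wildcard matching enabled and then disabled.
        Check("wildcardSan", wildcardSan, "www.example.test", true, true);
        Check("wildcardSan", wildcardSan, "www.example.test", false, true);
        // A host two labels below the wildcard's parent domain.
        Check("wildcardSan", wildcardSan, "a.b.example.test", true, true);

        // Same host, Common Name matching enabled and then disabled.
        Check("cnOnly", cnOnly, "legacy.example.test", true, true);
        Check("cnOnly", cnOnly, "legacy.example.test", true, false);

        // Strictest setting the method offers: no wildcard and no CN matching.
        Check("wildcardSan", wildcardSan, "www.example.test", false, false);
        Check("cnOnly", cnOnly, "legacy.example.test", false, false);
    }
}
```

MatchesHostname compares names only; it does not build or validate a chain, so a self-signed certificate is enough to exercise it.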