class System.Security.Cryptography.X509Certificates.X509Certificate2
Assembly: System.Security.Cryptography
Inheritance: object → X509Certificate → X509Certificate2
Represents an X.509 certificate.
Properties
public
bool
Archived
Gets or sets a value indicating that an X.509 certificate is archived.
public
X509ExtensionCollection
Extensions
Gets a collection of X509Extension objects.
public
string
FriendlyName
Gets or sets the associated alias for a certificate.
public
bool
HasPrivateKey
Gets a value that indicates whether an X509Certificate2 object contains a private key.
public
X500DistinguishedName
IssuerName
Gets the distinguished name of the certificate issuer.
public
DateTime
NotAfter
Gets the date in local time after which a certificate is no longer valid.
public
DateTime
NotBefore
Gets the date in local time on which a certificate becomes valid.
public
AsymmetricAlgorithm
PrivateKey
Gets or sets the AsymmetricAlgorithm object that represents the private key associated with a certificate.
public
PublicKey
PublicKey
Gets a PublicKey object associated with a certificate.
public
byte[]
RawData
Gets the raw X.509 public data of a certificate.
public
ReadOnlyMemory<byte>
RawDataMemory
Gets the raw X.509 public data of a certificate.
public
string
SerialNumber
Gets the serial number of a certificate as a big-endian hexadecimal string.
public
Oid
SignatureAlgorithm
Gets the algorithm used to create the signature of a certificate.
public
X500DistinguishedName
SubjectName
Gets the subject distinguished name from a certificate.
public
string
Thumbprint
Gets the thumbprint of a certificate.
public
int
Version
Gets the X.509 format version of a certificate.
public
nint
Handle
Gets a handle to a Microsoft Cryptographic API certificate context described by an unmanaged PCCERT_CONTEXT structure.
public
string
Issuer
Gets the name of the certificate authority that issued the X.509v3 certificate.
public
ReadOnlyMemory<byte>
SerialNumberBytes
Gets the big-endian representation of the certificate's serial number.
public
string
Subject
Gets the subject distinguished name from the certificate.
Methods
public
X509Certificate2
CopyWithPrivateKey(CompositeMLDsa privateKey)
privateKey
The Composite ML-DSA private key that corresponds to the Composite ML-DSA public key in this certificate.
Returns A new certificate with the HasPrivateKey property set to true.
The current certificate isn't modified.
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
public
X509Certificate2
CopyWithPrivateKey(ECDiffieHellman privateKey)
privateKey
The private ECDiffieHellman key.
Returns A new ECDiffieHellman certificate with the HasPrivateKey property set to true.
The current certificate isn't modified.
Combines a private key with the public key of an ECDiffieHellman certificate to generate a new ECDiffieHellman certificate.
public
X509Certificate2
CopyWithPrivateKey(MLDsa privateKey)
privateKey
The ML-DSA private key that corresponds to the ML-DSA public key in this certificate.
Returns A new certificate with the HasPrivateKey property set to true.
The current certificate isn't modified.
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
public
X509Certificate2
CopyWithPrivateKey(MLKem privateKey)
privateKey
The ML-KEM private key that corresponds to the ML-KEM public key in this certificate.
Returns A new certificate with the HasPrivateKey property set to true.
The current certificate isn't modified.
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
public
X509Certificate2
CopyWithPrivateKey(SlhDsa privateKey)
privateKey
The SLH-DSA private key that corresponds to the SLH-DSA public key in this certificate.
Returns A new certificate with the HasPrivateKey property set to true.
The current certificate isn't modified.
Combines a private key with a certificate containing the associated public key into a new instance that can access the private key.
public
string
ExportCertificatePem()
Returns The PEM encoding of the certificate.
Exports the public X.509 certificate, encoded as PEM.
public
CompositeMLDsa
GetCompositeMLDsaPrivateKey()
Returns The private key, or null if this certificate does not have a Composite ML-DSA private key.
Gets the CompositeMLDsa private key from this certificate.
public
CompositeMLDsa
GetCompositeMLDsaPublicKey()
Returns The public key, or null if this certificate does not have a Composite ML-DSA public key.
Gets the CompositeMLDsa public key from this certificate.
public
ECDiffieHellman
GetECDiffieHellmanPrivateKey()
Returns The private key, or null if this certificate does not have an ECDiffieHellman private key.
Gets the ECDiffieHellman private key from this certificate.
public
ECDiffieHellman
GetECDiffieHellmanPublicKey()
Returns The public key, or null if this certificate does not have an ECDiffieHellman public key.
Gets the ECDiffieHellman public key from this certificate.
public
MLDsa
GetMLDsaPrivateKey()
Returns The private key, or null if this certificate does not have an ML-DSA private key.
Gets the MLDsa private key from this certificate.
public
MLDsa
GetMLDsaPublicKey()
Returns The public key, or null if this certificate does not have an ML-DSA public key.
Gets the MLDsa public key from this certificate.
public
MLKem
GetMLKemPrivateKey()
Returns The private key, or null if this certificate does not have an ML-KEM private key.
Gets the MLKem private key from this certificate.
public
MLKem
GetMLKemPublicKey()
Returns The public key, or null if this certificate does not have an ML-KEM public key.
Gets the MLKem public key from this certificate.
public
string
GetNameInfo(X509NameType nameType,
bool forIssuer)
nameType
The X509NameType value for the subject.
forIssuer
true to include the issuer name; otherwise, false.
Returns The name of the certificate.
Gets the subject and issuer names from a certificate.
public
SlhDsa
GetSlhDsaPrivateKey()
Returns The private key, or null if this certificate does not have an SLH-DSA private key.
Gets the SlhDsa private key from this certificate.
public
SlhDsa
GetSlhDsaPublicKey()
Returns The public key, or null if this certificate does not have an SLH-DSA public key.
Gets the SlhDsa public key from this certificate.
public
void
Import(byte[] rawData)
rawData
A byte array containing data from an X.509 certificate.
Populates an X509Certificate2 object with data from a byte array.
public
void
Import(byte[] rawData,
SecureString password,
X509KeyStorageFlags keyStorageFlags)
rawData
A byte array that contains data from an X.509 certificate.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
Populates an X509Certificate2 object using data from a byte array, a password, and a key storage flag.
public
void
Import(byte[] rawData,
string password,
X509KeyStorageFlags keyStorageFlags)
rawData
A byte array containing data from an X.509 certificate.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
Populates an X509Certificate2 object using data from a byte array, a password, and flags for determining how to import the private key.
public
void
Import(string fileName)
fileName
The name of a certificate.
Populates an X509Certificate2 object with information from a certificate file.
public
void
Import(string fileName,
SecureString password,
X509KeyStorageFlags keyStorageFlags)
fileName
The name of a certificate file.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
Populates an X509Certificate2 object with information from a certificate file, a password, and a key storage flag.
public
void
Import(string fileName,
string password,
X509KeyStorageFlags keyStorageFlags)
fileName
The name of a certificate file.
password
The password required to access the X.509 certificate data.
keyStorageFlags
A bitwise combination of the enumeration values that control where and how to import the certificate.
Populates an X509Certificate2 object with information from a certificate file, a password, and a X509KeyStorageFlags value.
public
bool
MatchesHostname(string hostname,
bool allowWildcards = true,
bool allowCommonName = true)
hostname
The host name to match against.
allowWildcards
true to allow wildcard matching for dNSName values in the Subject Alternative Name extension; otherwise, false.
allowCommonName
true to allow matching against the subject Common Name value; otherwise, false.
Returns true if the certificate is a match for the requested hostname; otherwise, false.
Checks to see if the certificate matches the provided host name.
public
void
Reset()
Resets the state of an X509Certificate2 object.
public
string
ToString()
Returns The certificate information.
Displays an X.509 certificate in text format.
public
string
ToString(bool verbose)
verbose
true to display the public key, private key, extensions, and so forth; false to display information that is similar to the X509Certificate2 class, including thumbprint, serial number, subject and issuer names, and so on.
Returns The certificate information.
Displays an X.509 certificate in text format.
public
bool
Verify()
Returns true if the validation succeeds; false if the validation fails.
Performs an X.509 chain validation using basic validation policy.
Releases all resources used by the current X509Certificate object.
protected
void
Dispose(bool disposing)
Inherited from X509Certificate
disposing
true to release both managed and unmanaged resources; false to release only unmanaged resources.
Releases all of the unmanaged resources used by this X509Certificate and optionally releases the managed resources.
public
bool
Equals(object obj)
Inherited from X509Certificate
obj
An X509Certificate object to compare to the current object.
Returns true if the current X509Certificate object is equal to the object specified by the obj parameter; otherwise, false.
Compares two X509Certificate objects for equality.
public
bool
Equals(X509Certificate other)
Inherited from X509Certificate
other
An X509Certificate object to compare to the current object.
Returns true if the current X509Certificate object is equal to the object specified by the other parameter; otherwise, false.
Compares two X509Certificate objects for equality.
public
byte[]
Export(X509ContentType contentType)
Inherited from X509Certificate
contentType
One of the X509ContentType values that describes how to format the output data.
Returns An array of bytes that represents the current X509Certificate object.
Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values.
public
byte[]
Export(X509ContentType contentType,
SecureString password)
Inherited from X509Certificate
contentType
One of the X509ContentType values that describes how to format the output data.
password
The password required to access the X.509 certificate data.
Returns A byte array that represents the current X509Certificate object.
Exports the current X509Certificate object to a byte array using the specified format and a password.
public
byte[]
Export(X509ContentType contentType,
string password)
Inherited from X509Certificate
contentType
One of the X509ContentType values that describes how to format the output data.
password
The password required to access the X.509 certificate data.
Returns An array of bytes that represents the current X509Certificate object.
Exports the current X509Certificate object to a byte array in a format described by one of the X509ContentType values, and using the specified password.
public
byte[]
ExportPkcs12(PbeParameters exportParameters,
string password)
Inherited from X509Certificate
exportParameters
The algorithm parameters to use for the export.
password
The password to use for the export.
Returns A byte array containing the encoded PKCS#12.
Exports the certificate and private key in PKCS#12 / PFX format.
public
byte[]
ExportPkcs12(Pkcs12ExportPbeParameters exportParameters,
string password)
Inherited from X509Certificate
exportParameters
The algorithm parameters to use for the export.
password
The password to use for the export.
Returns A byte array containing the encoded PKCS#12.
Exports the certificate and private key in PKCS#12 / PFX format.
public
byte[]
GetCertHash()
Inherited from X509Certificate
Returns The hash value for the X.509 certificate.
Returns the hash value for the X.509v3 certificate as an array of bytes.
public
byte[]
GetCertHash(HashAlgorithmName hashAlgorithm)
Inherited from X509Certificate
hashAlgorithm
The name of the cryptographic hash algorithm to use.
Returns A byte array that contains the hash value for the X.509 certificate.
Returns the hash value for the X.509v3 certificate that is computed by using the specified cryptographic hash algorithm.
public
string
GetCertHashString()
Inherited from X509Certificate
Returns The hexadecimal string representation of the X.509 certificate hash value.
Returns the SHA-1 hash value for the X.509v3 certificate as a hexadecimal string.
public
string
GetCertHashString(HashAlgorithmName hashAlgorithm)
Inherited from X509Certificate
hashAlgorithm
The name of the cryptographic hash algorithm to use.
Returns The hexadecimal string representation of the X.509 certificate hash value.
Returns a hexadecimal string containing the hash value for the X.509v3 certificate computed using the specified cryptographic hash algorithm.
public
string
GetEffectiveDateString()
Inherited from X509Certificate
Returns The effective date for this X.509 certificate.
Returns the effective date of this X.509v3 certificate.
public
string
GetExpirationDateString()
Inherited from X509Certificate
Returns The expiration date for this X.509 certificate.
Returns the expiration date of this X.509v3 certificate.
public
string
GetFormat()
Inherited from X509Certificate
Returns The format of this X.509 certificate.
Returns the name of the format of this X.509v3 certificate.
public
int
GetHashCode()
Inherited from X509Certificate
Returns The hash code for the X.509 certificate as an integer.
Returns the hash code for the X.509v3 certificate as an integer.
public
string
GetIssuerName()
Inherited from X509Certificate
Returns The name of the certification authority that issued the X.509 certificate.
Returns the name of the certification authority that issued the X.509v3 certificate.
public
string
GetKeyAlgorithm()
Inherited from X509Certificate
Returns The key algorithm information for this X.509 certificate as a string.
Returns the key algorithm information for this X.509v3 certificate as a string.
public
byte[]
GetKeyAlgorithmParameters()
Inherited from X509Certificate
Returns The key algorithm parameters for the X.509 certificate as an array of bytes.
Returns the key algorithm parameters for the X.509v3 certificate as an array of bytes.
public
string
GetKeyAlgorithmParametersString()
Inherited from X509Certificate
Returns The key algorithm parameters for the X.509 certificate as a hexadecimal string.
Returns the key algorithm parameters for the X.509v3 certificate as a hexadecimal string.
public
string
GetName()
Inherited from X509Certificate
Returns The name of the principal to which the certificate was issued.
Returns the name of the principal to which the certificate was issued.
public
byte[]
GetPublicKey()
Inherited from X509Certificate
Returns The public key for the X.509 certificate as an array of bytes.
Returns the public key for the X.509v3 certificate as an array of bytes.
public
string
GetPublicKeyString()
Inherited from X509Certificate
Returns The public key for the X.509 certificate as a hexadecimal string.
Returns the public key for the X.509v3 certificate as a hexadecimal string.
public
byte[]
GetRawCertData()
Inherited from X509Certificate
Returns A byte array containing the X.509 certificate data.
Returns the raw data for the entire X.509v3 certificate as an array of bytes.
public
string
GetRawCertDataString()
Inherited from X509Certificate
Returns The X.509 certificate data as a hexadecimal string.
Returns the raw data for the entire X.509v3 certificate as a hexadecimal string.
public
byte[]
GetSerialNumber()
Inherited from X509Certificate
Returns The serial number of the X.509 certificate as an array of bytes in little-endian order.
Returns the serial number of the X.509v3 certificate as an array of bytes in little-endian order.
public
string
GetSerialNumberString()
Inherited from X509Certificate
Returns The serial number of the X.509 certificate as a big-endian hexadecimal string.
Returns the serial number of the X.509v3 certificate as a big-endian hexadecimal string.
public
bool
TryGetCertHash(HashAlgorithmName hashAlgorithm,
Span<byte> destination,
out int bytesWritten)
Inherited from X509Certificate
protected
void
Finalize()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object