Early Preview

This is currently very much a preview. Please feel free to try things out, but don't be upset if anything is not yet working. Feedback is welcome over on our GitHub Dicussions page.

enum System.Security.Cryptography.X509Certificates.X509ChainStatusFlags

Assembly: System.Security.Cryptography

Defines the status of an X509 chain.

Values

NoError

Specifies that the X509 chain has no errors.

NotTimeValid

Specifies that the X509 chain is not valid due to an invalid time value, such as a value that indicates an expired certificate.

NotTimeNested

Deprecated. Specifies that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested.

Revoked

Specifies that the X509 chain is invalid due to a revoked certificate.

NotSignatureValid

Specifies that the X509 chain is invalid due to an invalid certificate signature.

NotValidForUsage

Specifies that the key usage is not valid.

UntrustedRoot

Specifies that the X509 chain is invalid due to an untrusted root certificate.

RevocationStatusUnknown

Specifies that it is not possible to determine whether the certificate has been revoked. This can be due to the certificate revocation list (CRL) being offline or unavailable.

Cyclic

Specifies that the X509 chain could not be built.

InvalidExtension

Specifies that the X509 chain is invalid due to an invalid extension.

InvalidPolicyConstraints

Specifies that the X509 chain is invalid due to invalid policy constraints.

InvalidBasicConstraints

Specifies that the X509 chain is invalid due to invalid basic constraints.

InvalidNameConstraints

Specifies that the X509 chain is invalid due to invalid name constraints.

HasNotSupportedNameConstraint

Specifies that the certificate does not have a supported name constraint or has a name constraint that is unsupported.

HasNotDefinedNameConstraint

Specifies that the certificate has an undefined name constraint.

HasNotPermittedNameConstraint

Specifies that the certificate has an impermissible name constraint.

HasExcludedNameConstraint

Specifies that the X509 chain is invalid because a certificate has excluded a name constraint.

PartialChain

Specifies that the X509 chain could not be built up to the root certificate.

CtlNotTimeValid

Specifies that the certificate trust list (CTL) is not valid because of an invalid time value, such as one that indicates that the CTL has expired.

CtlNotSignatureValid

Specifies that the certificate trust list (CTL) contains an invalid signature.

CtlNotValidForUsage

Specifies that the certificate trust list (CTL) is not valid for this use.

HasWeakSignature

Specifies that the certificate has not been strong signed. Typically, this indicates that the MD2 or MD5 hashing algorithms were used to create a hash of the certificate.

OfflineRevocation

Specifies that the online certificate revocation list (CRL) the X509 chain relies on is currently offline.

NoIssuanceChainPolicy

Specifies that there is no certificate policy extension in the certificate. This error would occur if a group policy has specified that all certificates must have a certificate policy.

ExplicitDistrust

Specifies that the certificate is explicitly distrusted.

HasNotSupportedCriticalExtension

Specifies that the certificate does not support a critical extension.