figuring out the relationship between CA and end-user cert

not a chin

Sep 19, 2009, 11:08:52 AM
I am just trying to figure out that if I have a CA cert file (the
"trusted cert") somethingCA.cer, and I have another issued cert
User.cer which is issued by somethingCA.cer, how can I infer that
user.cer is issued by somethingCA.cer, by some kind of computation.
Note that these are self issued/self signed certs and further have not
been installed in the Store or anything like that.


It's not possible to verify using the cert2.Verify() function. But sure,
I would like to know how that function was implemented, as it would
help me here.


I am okay with working with raw cert data; I just need to know what to
look for and what to do, if anyone knows. I just need to deduce whether
the end user cert file is derived from the CA cert.

Anything along these lines would help - I know there are not many people
knowledgeable in this area.

Eugene Mayevski

Sep 20, 2009, 11:41:51 AM
> I am just trying to figure out that if I have a CA cert file (the
> "trusted cert") somethingCA.cer, and I have another issued cert
> User.cer which is issued by somethingCA.cer, how can I infer that
> user.cer is issued by somethingCA.cer, by some kind of computation.
> Note that these are self issued/self signed certs and further have not
> been installed in the Store or anything like that.

In general, you need to compare the end-entity's Issuer RDN with the CA's
Subject RDN, and then (optionally) validate the signature of the end-entity
certificate using the CA certificate. I don't know how this is done in .NET
Framework classes. In PKIBlackbox ( http://www.eldos.com/sbb/net-pki.php )
this is done in 2 lines of code.

--
With best regards,
Eugene Mayevski
http://www.eldos.com/ - security and virtual storage components

Henning Krause

Sep 21, 2009, 3:54:52 PM
Hi,

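You can use the X509Chain class to perform certificate validation.

// Requires: using System.Security.Cryptography.X509Certificates;
var chain = new X509Chain();
// Make the CA certificate available to the chain builder without installing it in a store.
chain.ChainPolicy.ExtraStore.Add(rootCertificate);
// Build returns false if any chain element fails validation; the reasons are in ChainStatus.
bool ok = chain.Build(certificate);
var result = chain.ChainStatus;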

Kind regards,
Henning Krause

"not a chin" <vij...@gmail.com> wrote in message
news:a6ea1d1e-1b7c-42d3...@d4g2000vbm.googlegroups.com...
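
The two answers above combined into one check, as an added example that is not part of the original thread: compare the Issuer and Subject names, build the chain with the CA in ExtraStore, then confirm the chain really ends in that CA. The names IssuedByCheck and IsIssuedBy are hypothetical, and the code assumes .NET Framework 4.6 or later (or .NET Core), a self-signed CA as in the question, and no revocation checking.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class IssuedByCheck
{
    // Hypothetical helper: true only if 'cert' chains to exactly 'ca'.
    public static bool IsIssuedBy(X509Certificate2 cert, X509Certificate2 ca)
    {
        // Step 1: the end-entity Issuer name must equal the CA Subject name (DER bytes).
        if (!cert.IssuerName.RawData.SequenceEqual(ca.SubjectName.RawData))
            return false;

        // Step 2: let the chain engine verify the signature, validity dates and constraints.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.ExtraStore.Add(ca);
            // Assumption for this example: a private CA with no CRL/OCSP endpoint.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // The CA is not installed in a trusted store, so tolerate an untrusted root...
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;
            if (!chain.Build(cert))
                return false;

            // ...and then pin it: with the flag above, a chain to ANY self-signed root
            // builds successfully, so the last element must be the CA we were given.
            var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            return root.RawData.SequenceEqual(ca.RawData);
        }
    }

    static void Main(string[] args)
    {
        // File names taken from the question; other paths can be passed as arguments.
        var ca = new X509Certificate2(args.Length > 0 ? args[0] : "somethingCA.cer");
        var user = new X509Certificate2(args.Length > 1 ? args[1] : "User.cer");
        Console.WriteLine(IsIssuedBy(user, ca) ? "issued by CA" : "NOT issued by CA");
    }
}
```

On .NET 5 and later, setting ChainPolicy.TrustMode to X509ChainTrustMode.CustomRootTrust and adding the CA to ChainPolicy.CustomTrustStore trusts only that root, which avoids AllowUnknownCertificateAuthority altogether.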
