ICertificatePolicy Interface

Validates a server certificate.

Namespace: System.Net
Assembly: System (in system.dll)

Public Interface ICertificatePolicy
Dim instance As ICertificatePolicy

public interface ICertificatePolicy
public interface ICertificatePolicy
Not applicable.

The ICertificatePolicy interface is used to provide custom security certificate validation for an application. The default policy is to allow valid certificates, as well as valid certificates that have expired. To change this policy, implement the ICertificatePolicy interface with a different policy, and then assign that policy to ServicePointManager.CertificatePolicy.

ICertificatePolicy uses the Security Support Provider Interface (SSPI). For more information, see the SSPI documentation on MSDN.

The following example creates a certificate policy that returns false for any certificate problem and prints a message that indicates the problem on the console. The CertificateProblem enum defines SSPI constants for certificate problems, and the private GetProblemMessage method creates a printable message about the problem.

Public Enum CertificateProblem As Long
    CertEXPIRED                   = 2148204801    ' 0x800B0101
    CertVALIDITYPERIODNESTING     = 2148204802    ' 0x800B0102
    CertROLE                      = 2148204803    ' 0x800B0103
    CertPATHLENCONST              = 2148204804    ' 0x800B0104
    CertCRITICAL                  = 2148204805    ' 0x800B0105
    CertPURPOSE                   = 2148204806    ' 0x800B0106
    CertISSUERCHAINING            = 2148204807    ' 0x800B0107
    CertMALFORMED                 = 2148204808    ' 0x800B0108
    CertUNTRUSTEDROOT             = 2148204809    ' 0x800B0109
    CertCHAINING                  = 2148204810    ' 0x800B010A
    CertREVOKED                   = 2148204812    ' 0x800B010C
    CertUNTRUSTEDTESTROOT         = 2148204813    ' 0x800B010D       
    CertREVOCATION_FAILURE        = 2148204814    ' 0x800B010E
    CertCN_NO_MATCH               = 2148204815    ' 0x800B010F
    CertWRONG_USAGE               = 2148204816    ' 0x800B0110
    CertUNTRUSTEDCA               = 2148204818     ' 0x800B0112
End Enum

Public Class MyCertificateValidation
    Implements ICertificatePolicy
    ' Default policy for certificate validation.
    Public Shared DefaultValidate As Boolean = False    
    Public Function CheckValidationResult(srvPoint As ServicePoint, _
       cert As X509Certificate, request As WebRequest, problem As Integer) _
       As Boolean Implements ICertificatePolicy.CheckValidationResult
        Dim ValidationResult As Boolean = False
        Console.WriteLine(("Certificate Problem with accessing " & _
        Console.Write("Problem code 0x{0:X8},", CInt(problem))
        Console.WriteLine(GetProblemMessage(CType(problem, _
        ValidationResult = DefaultValidate
        Return ValidationResult
    End Function    
    Private Function GetProblemMessage(Problem As CertificateProblem) As String
        Dim ProblemMessage As String = ""
        Dim problemList As New CertificateProblem()
        Dim ProblemCodeName As String = System.Enum.GetName( _
           problemList.GetType(), Problem)
        If Not (ProblemCodeName Is Nothing) Then
            ProblemMessage = ProblemMessage + "-Certificateproblem:" & _
            ProblemMessage = "Unknown Certificate Problem"
        End If
        Return ProblemMessage
    End Function
End Class

public class CertificateProblem
    public static final int certEXPIRED = 0x800B0101;
    public static final int certVALIDITYPERIODNESTING = 0x800B0102;
    public static final int certROLE = 0x800B0103;
    public static final int certPATHLENCONST = 0x800B0104;
    public static final int certCRITICAL = 0x800B0105;
    public static final int certPURPOSE = 0x800B0106;
    public static final int certISSUERCHAINING = 0x800B0107;
    public static final int certMALFORMED = 0x800B0108;
    public static final int certUNTRUSTEDROOT = 0x800B0109;
    public static final int certCHAINING = 0x800B010A;
    public static final int certREVOKED = 0x800B010C;
    public static final int certUNTRUSTEDTESTROOT = 0x800B010D;
    public static final int certREVOCATION_FAILURE = 0x800B010E;
    public static final int certCN_NO_MATCH = 0x800B010F;
    public static final int certWRONG_USAGE = 0x800B0110;
    public static final int certUNTRUSTEDCA = 0x800B0112;

    public String GetEnumCertificateProblem(int problem)
        switch (problem) {
            case 0x800B0101 :
                return "CertExpired";
            case 0x800B0102 :
                return "CertVALIDITYPERIODNESTING";
            case 0x800B0103 :
                return "CertROLE";
            case 0x800B0104 :
                return "CertPATHLENCONST";
            case 0x800B0105 :
                return "CertCRITICAL";
            case 0x800B0106 :
                return "CertPURPOSE";
            case 0x800B0107 :
                return "CertISSUERCHAINING";
            case 0x800B0108 :
                return "CertMALFORMED";
            case 0x800B0109 :
                return "CertUNTRUSTEDROOT";
            case 0x800B010A :
                return "CertCHAINING";
            case 0x800B010C :
                return "CertREVOKED";
            case 0x800B010D :
                return "CertUNTRUSTEDTESTROOT";
            case 0x800B010E :
                return "CertREVOCATION_FAILURE";
            case 0x800B010F :
                return "CertCN_NO_MATCH";
            case 0x800B0110 :
                return "CertWRONG_USAGE";
            case 0x800B0112 :
                return "CertUNTRUSTEDCA";
            default :
                return null;

public class MyCertificateValidation implements ICertificatePolicy
    // Default policy for certificate validation.
    public static boolean defaultValidate = false;

    public boolean CheckValidationResult(ServicePoint sp, X509Certificate cert,
                                        WebRequest request, int problem)
        boolean validationResult = false;

        Console.WriteLine(("Certificate Problem with accessing "
            + request.get_RequestUri()));
        Console.Write("Problem code 0x{0:X8},", 
        validationResult = defaultValidate;
        return validationResult;
    } //CheckValidationResult
    private String GetProblemMessage(int problem)
        String problemMessage = "";
        CertificateProblem problemList = new CertificateProblem();        
        String problemCodeName = problemList.GetEnumCertificateProblem(problem);
        if (problemCodeName != null) {
            problemMessage = problemMessage + "-Certificateproblem:"
                + problemCodeName;
        else {
            problemMessage = "Unknown Certificate Problem";
        return problemMessage;
    } //GetProblemMessage
} //MyCertificateValidation    

Windows 98, Windows Server 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0, 1.1, 1.0

.NET Compact Framework

Supported in: 2.0, 1.0