X509ChainStatusFlags Enumeration
Defines the status of an X509 chain.
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
Assembly: System (in System.dll)
| Member name | Description | |
|---|---|---|
| CtlNotSignatureValid | Specifies that the certificate trust list (CTL) contains an invalid signature. | |
| CtlNotTimeValid | Specifies that the certificate trust list (CTL) is not valid because of an invalid time value, such as one that indicates that the CTL has expired. | |
| CtlNotValidForUsage | Specifies that the certificate trust list (CTL) is not valid for this use. | |
| Cyclic | Specifies that the X509 chain could not be built. | |
| ExplicitDistrust | Specifies that the certificate is explicitly distrusted. | |
| HasExcludedNameConstraint | Specifies that the X509 chain is invalid because a certificate has excluded a name constraint. | |
| HasNotDefinedNameConstraint | Specifies that the certificate has an undefined name constraint. | |
| HasNotPermittedNameConstraint | Specifies that the certificate has an impermissible name constraint. | |
| HasNotSupportedCriticalExtension | Specifies that the certificate does not support a critical extension. | |
| HasNotSupportedNameConstraint | Specifies that the certificate does not have a supported name constraint or has a name constraint that is unsupported. | |
| HasWeakSignature | Specifies that the certificate has not been strong signed. Typically, this indicates that the MD2 or MD5 hashing algorithms were used to create a hash of the certificate. | |
| InvalidBasicConstraints | Specifies that the X509 chain is invalid due to invalid basic constraints. | |
| InvalidExtension | Specifies that the X509 chain is invalid due to an invalid extension. | |
| InvalidNameConstraints | Specifies that the X509 chain is invalid due to invalid name constraints. | |
| InvalidPolicyConstraints | Specifies that the X509 chain is invalid due to invalid policy constraints. | |
| NoError | Specifies that the X509 chain has no errors. | |
| NoIssuanceChainPolicy | Specifies that there is no certificate policy extension in the certificate. This error would occur if a group policy has specified that all certificates must have a certificate policy. | |
| NotSignatureValid | Specifies that the X509 chain is invalid due to an invalid certificate signature. | |
| NotTimeNested | Deprecated. Specifies that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested. | |
| NotTimeValid | Specifies that the X509 chain is not valid due to an invalid time value, such as a value that indicates an expired certificate. | |
| NotValidForUsage | Specifies that the key usage is not valid. | |
| OfflineRevocation | Specifies that the online certificate revocation list (CRL) the X509 chain relies on is currently offline. | |
| PartialChain | Specifies that the X509 chain could not be built up to the root certificate. | |
| RevocationStatusUnknown | Specifies that it is not possible to determine whether the certificate has been revoked. This can be due to the certificate revocation list (CRL) being offline or unavailable. | |
| Revoked | Specifies that the X509 chain is invalid due to a revoked certificate. | |
| UntrustedRoot | Specifies that the X509 chain is invalid due to an untrusted root certificate. |
This enumeration is used in conjunction with the X509ChainStatus structure and the ChainStatus property.
The flags ExplicitDistrust, HasNotSupportedCriticalExtension and HasWeakSignature were introduced with the .NET Framework 4.6.1.
Available since 2.0