X509RevocationFlag Enumeration

X509RevocationFlag Enumeration


Specifies which X509 certificates in the chain should be checked for revocation.

Namespace:   System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)

public enum X509RevocationFlag

Member nameDescription

Only the end certificate is checked for revocation.


The entire chain of certificates is checked for revocation.


The entire chain, except the root certificate, is checked for revocation.

Use this enumeration to specify which certificates in the chain are checked for revocation.

Legacy Code Example

The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

//Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.Build (certificate);
Console.WriteLine ("Chain Information");
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

.NET Framework
Available since 2.0
Return to top
© 2015 Microsoft