X509RevocationMode Enumeration

X509RevocationMode Enumeration


Specifies the mode used to check for X509 certificate revocation.

Namespace:   System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)

public enum X509RevocationMode

Member nameDescription

No revocation check is performed on the certificate.


A revocation check is made using a cached certificate revocation list (CRL).


A revocation check is made using an online certificate revocation list (CRL).

This enumeration is used to specify whether a revocation check occurs and if it is performed online or offline.


Specifying an online check can result in a long delay while the certificate authority is contacted.

Legacy Code Example

The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

//Output chain information of the selected certificate.
X509Chain ch = new X509Chain();
ch.Build (certificate);
Console.WriteLine ("Chain Information");
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
Console.WriteLine ("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag);
Console.WriteLine ("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode);
Console.WriteLine ("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags);
Console.WriteLine ("Chain verification time: {0}", ch.ChainPolicy.VerificationTime);
Console.WriteLine ("Chain status length: {0}", ch.ChainStatus.Length);
Console.WriteLine ("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count);
Console.WriteLine ("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine);

.NET Framework
Available since 2.0
Return to top
© 2015 Microsoft