X509RevocationMode Enumeration


Specifies the mode used to check for X509 certificate revocation.

Namespace:   System.Security.Cryptography.X509Certificates
Assembly:  System (in System.dll)

Public Enumeration X509RevocationMode

Member nameDescription

No revocation check is performed on the certificate.


A revocation check is made using a cached certificate revocation list (CRL).


A revocation check is made using an online certificate revocation list (CRL).

This enumeration is used to specify whether a revocation check occurs and if it is performed online or offline.


Specifying an online check can result in a long delay while the certificate authority is contacted.

The following example opens the current user's personal certificate store, allows the user to select a certificate, then writes certificate and certificate chain information to the console. The output depends on the certificate you select.

'Output chain information of the selected certificate.
Dim ch As New X509Chain()
Console.WriteLine("Chain Information")
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online
Console.WriteLine("Chain revocation flag: {0}", ch.ChainPolicy.RevocationFlag)
Console.WriteLine("Chain revocation mode: {0}", ch.ChainPolicy.RevocationMode)
Console.WriteLine("Chain verification flag: {0}", ch.ChainPolicy.VerificationFlags)
Console.WriteLine("Chain verification time: {0}", ch.ChainPolicy.VerificationTime)
Console.WriteLine("Chain status length: {0}", ch.ChainStatus.Length)
Console.WriteLine("Chain application policy count: {0}", ch.ChainPolicy.ApplicationPolicy.Count)
Console.WriteLine("Chain certificate policy count: {0} {1}", ch.ChainPolicy.CertificatePolicy.Count, Environment.NewLine)

.NET Framework
Available since 2.0
Return to top