SV: SV: [Mono-list] Verifying end certificate againstrootcertificates in store

Hellan.Kim KHE KHE at
Wed Oct 12 03:33:05 EDT 2005

Hi Sebastien,

Sorry, I misunderstood you.
In sourcefiles like certmgr.cs you operate on "Personal" and "TrustedRoot" stores using the X509Stores/X509Store class.
What kind of "store" is that then?

All I need is somewhere to put 3-4 CA certificates and use these for issuer verification of my end certificates. It's not a must that these are located in the Windows certificate store. If Mono uses some other kind of store, I can use that too.


-----Oprindelig meddelelse-----
Fra: Sebastien Pouliot [mailto:sebastien.pouliot at] 
Sendt: 11. oktober 2005 16:44
Til: Hellan.Kim KHE
Cc: mono-list at
Emne: Re: SV: [Mono-list] Verifying end certificate againstrootcertificates in store

Hello Kim,

My previous answer was a little more general (than certificate
verification). Mono itself doesn't offer, nor plan to, any kind of
integration with the Windows certificate store.

You either have to:
(a) use Fx 2.0 new X.509 classes;
(b) p/invoke into CryptoAPI yourself; or
(c) use existing wrappers classes (like Mentalis).

On Tue, 2005-11-10 at 16:33 +0200, Hellan.Kim KHE wrote:
> Hi Sebastien
> Okay, so it can't be done with the current build :(
> Then what about some functionality to retrieve all certificates from
> the store. Is that available?
> I could always do the verifying manually then.
> Or I could do a more specific search for a root certificate with a
> Common Name that matches the issuer in the certificate. And then check
> if that specific CA is the issuer of my end certificate.
> Are there any current functionality to get a specific certificate from
> the "Trusted root authorities" store then. And then verify that this
> certifcate is the issuer certificate?
> I know I'm ignoring checking of certificate chains here. I just want
> to make a simple check if possible.
> Thanks,
> Kim
> -----Oprindelig meddelelse-----
> Fra: mono-list-bounces at
> [mailto:mono-list-bounces at] På vegne af Sebastien
> Pouliot
> Sendt: 11. oktober 2005 15:54
> Til: Hellan.Kim KHE
> Cc: mono-list at
> Emne: Re: [Mono-list] Verifying end certificate against
> rootcertificates in store
> Hello Kim,
> You either have to use Fx 2.0 which has much expanded support for
> X.509
> or p/invoke into CryptoAPI.
> IIRC Mentalis has a library that wraps most of CryptoAPI
> for .net/windows apps.
> On Tue, 2005-11-10 at 15:46 +0200, Hellan.Kim KHE wrote:
> > I'm looking for the "correct" way of verifying the issuer of a
> > X509Certificate (end certificate) against all root certificates in
> found
> > in the LOCAL_MACHINE "Trusted root authorities" certificate store in
> > Windows.
> > 
> > Does anyone have some example code they want to share for doing that
> > task?
> > 
> > Thanks!
> > /Kim
Sebastien Pouliot
email: sebastien at


Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den.
KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne.

If you received this e-mail by mistake, please notify me and delete it. Thank you.
Our mission is to enhance the efficiency of the public sector and improve its service of the general public. 

More information about the Mono-list mailing list