
How can I check if a certificate is self-signed?

I'm using C#.NET and need to install a bunch of certificates into the Windows certificate store.

I need to check which of those certificates are root certificates (i.e. self-signed), so I can install them into the "Trusted root certificates" store.

I'm using the standard X509Certificate2 class. My current idea is to check whether the Issuer and Subject are the same.

I've noticed that X509Certificate2 has Issuer - IssuerName and Subject - SubjectName.

Is it better to compare Issuer to Subject, or IssuerName to SubjectName? Or doesn't it really matter?

Also, is this a reliable method or would I be better off using another approach?

MarioDS asked Dec 09 '15 08:12



1 Answer

See this post: java - Find if a certificate is self signed or CA signed

While it's not C#, the comment from the solution notes

If the subject and issuer are the same, it is self-signed

means you're correct about the way you're trying to validate it.

IssuerName and SubjectName return a DistinguishedName which contains RawData (a byte[] containing the raw information for the issuer/subject). You'd be best off comparing this field, though I believe comparing Subject and Issuer is just as valid.

So, you could write something like this:

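using System.Linq; // SequenceEqual
using System.Security.Cryptography.X509Certificates;

// Compares the DER-encoded subject and issuer names byte for byte.
public static bool IsSelfSigned(X509Certificate2 cert)
{
    return cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
}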
Rob answered Oct 31 '22 14:10