I ran into a problem recently and was hoping someone could provide some insight. A certificate was expiring so we replaced it. There was a period where both the old and the new certificate were valid. When the old certificate expired, the following code still returned both the new and the expired certificate:
X509Certificate2Collection.Find(X509FindType.FindBySubjectName, certName, true)
By what criteria does .NET consider a certificate valid? Does .NET consider a certificate valid until midnight UTC (like it should) or midnight local time?
In the end, we simply removed the old certificate and everything was fine; but I don't want the same problem next time we need to replace a certificate.
First, the X509Certificate2Collection.Find(X509FindType.FindBySubjectName, certName, true) method executes the X509Certificate2.Verify() method on each object in the collection to determine whether the certificate is valid. The Verify() method performs a lot of checks (in accordance with RFC 5280).
Regarding validity: validity in the certificate (internally) is stored in UTC format and .NET converts this UTC time to local time. When you open the certificate and see that it is valid until midnight, then the certificate is valid until midnight in your current time zone (not UTC midnight).
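For the next rotation, selection can be made independent of whether the old certificate is still in the store. The following is an added example, not code from the question or the answer: it filters by subject name, checks the validity window explicitly in UTC, and returns the certificate that expires last. `PickCurrent`, `MakeCert` and the subject `svc.example.test` are hypothetical names; `validOnly` is `false` here only because the constructed self-signed certificates are not trusted by any store.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertPicker
{
    // Hypothetical helper: newest certificate for a subject that is inside its
    // validity window at nowUtc. NotBefore/NotAfter are returned in local time,
    // so both are converted to UTC before comparing.
    public static X509Certificate2 PickCurrent(
        X509Certificate2Collection certs, string subjectName, DateTime nowUtc)
    {
        return certs
            .Find(X509FindType.FindBySubjectName, subjectName, validOnly: false)
            .Cast<X509Certificate2>()
            .Where(c => c.NotBefore.ToUniversalTime() <= nowUtc
                     && nowUtc <= c.NotAfter.ToUniversalTime())
            .OrderByDescending(c => c.NotAfter)   // prefer the replacement
            .FirstOrDefault();                    // null when nothing is current
    }

    // Constructed sample certificate (self-signed, untrusted, in memory only).
    static X509Certificate2 MakeCert(string cn, DateTimeOffset from, DateTimeOffset to)
    {
        var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + cn, rsa,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return req.CreateSelfSigned(from, to);
    }

    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        var certs = new X509Certificate2Collection
        {
            MakeCert("svc.example.test", now.AddDays(-400), now.AddDays(-1)), // expired
            MakeCert("svc.example.test", now.AddDays(-30), now.AddDays(335)), // replacement
        };
        // Show the same expiry instant in local time and in UTC.
        foreach (X509Certificate2 c in certs)
            Console.WriteLine($"NotAfter local={c.NotAfter:o} utc={c.NotAfter.ToUniversalTime():o}");

        var chosen = PickCurrent(certs, "svc.example.test", DateTime.UtcNow);
        Console.WriteLine($"chosen expires (UTC) {chosen.NotAfter.ToUniversalTime():o}");
    }
}
```

Against a real certificate store, keep `validOnly: true` so chain validation still runs, and apply the explicit window check and ordering on top of it.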