Can I guarantee using C# that the X509 certificate was issued by a trusted authority?
If I use X509Certificate.CreateFromSignedFile to get the certificate used to sign the file, can I verify that it was signed by a trusted authority - and isn't just a "self-signed" certificate of some kind?
I want to extract the name "Subject" (company) from the certificate to ensure that the unmanaged DLL I am using is not feasible (I cannot verify it as it is updated frequently and independently) and official.
However, I am concerned that a fake DLL might be signed with a "self-signed" certificate and return the original company name. So, I want the certificate to be issued by VeriSign, Thawte or similar (whatever is installed in the certificate store on the machine will be fine).
How can I do this, if at all, when using X509Certificate.CreateFromSignedFile? Or is it done automatically (i.e. the "self-signed" certificate will not be executed)?
If it is an invalid certificate, you will receive an exception. As for checking the company name, etc., here is the code:
```csharp
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Register the callback once, e.g. during application start-up.
ServicePointManager.ServerCertificateValidationCallback +=
    new RemoteCertificateValidationCallback(customXertificateValidation);

private static bool customXertificateValidation(
    object sender, X509Certificate cert,
    X509Chain chain, SslPolicyErrors error)
{
    // Check the 'cert' parameter's properties here (e.g. Subject) and,
    // based on the result, return true (accept) or false (reject).
    bool accept = false; // reject unless your checks pass
    return accept;
}
```
EDIT: The above code is only suitable when requesting an https resource that received an invalid (self-signed, expired, etc.) certificate. As for extracting signatures from signed files, please go here: Extracting digital signatures from signed files using .NET
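One way to do what the question asks, as an added example that is not code from the question or the answer: take the signer certificate from X509Certificate.CreateFromSignedFile, build its chain against the machine's trusted roots with X509Chain, and only then compare the subject name. The class name, method name and the `expectedCommonName` parameter are hypothetical; the code assumes Windows and .NET Framework 4.6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SignerCheck
{
    // Hypothetical helper: true only if the file's signer certificate chains to a
    // root in the trusted store AND its subject name equals expectedCommonName.
    public static bool IsSignedByTrustedPublisher(string path, string expectedCommonName)
    {
        X509Certificate2 signer;
        try
        {
            // Throws CryptographicException when the file carries no signature.
            signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(path));
        }
        catch (CryptographicException)
        {
            return false;
        }

        using (var chain = new X509Chain())
        {
            // Check revocation online for every certificate except the root.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            // Require the code-signing extended key usage.
            chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.3"));

            // Build() returns false for a self-signed certificate whose root is
            // not installed as trusted (status UntrustedRoot).
            if (!chain.Build(signer))
            {
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.Error.WriteLine("{0}: {1}", s.Status, s.StatusInformation);
                return false;
            }
        }

        // Compare the subject only after the chain is trusted; anyone can put
        // any company name into a self-signed certificate.
        string cn = signer.GetNameInfo(X509NameType.SimpleName, false);
        return string.Equals(cn, expectedCommonName, StringComparison.Ordinal);
    }
}
```

This validates the certificate chain only; it does not confirm that the file's contents match the embedded signature, which is what the Windows WinVerifyTrust API checks.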