- 1 year ago
X509Chain.Build() seems to ignore certificates in LocalComputer/My
There are a few potential reasons why X509Chain.Build()
might ignore certificates in LocalComputer/My
. Here are some things to check:
Make sure the certificate is actually installed in the
LocalComputer/My
certificate store. You can check this by opening the Certificate Manager (certmgr.msc
) and navigating to theLocalComputer/My
store. If the certificate isn't there, you'll need to install it.Make sure the certificate has a valid chain of trust. If the certificate is self-signed or issued by an untrusted root, it won't be trusted by default. You may need to add the root certificate to the
TrustedRootCertificationAuthorities
store to establish a chain of trust.Make sure the certificate isn't explicitly excluded by revocation checking. If revocation checking is enabled (
X509ChainPolicy.RevocationFlag
is set toX509RevocationFlag.ExcludeRoot
orX509RevocationFlag.EndCertificateOnly
), the certificate may be excluded if it has been revoked. To check if revocation checking is the issue, you can temporarily disable it by settingX509ChainPolicy.RevocationFlag
toX509RevocationFlag.ExcludeNone
.Check that the certificate chain isn't broken by an expired intermediate certificate. If the certificate chain contains an expired intermediate certificate, the chain of trust will be broken and
X509Chain.Build()
will fail. You can check for this by opening the certificate in the Certificate Manager and checking the certification path.
If none of these solutions work, you may need to provide more information or context to diagnose the issue.