X509Chain Flags Status
X509Chain Flags Status
X509Chain Flags Status
Defines the status of an X509 chain.
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
public enum class X509ChainStatusFlags
[System.Flags] public enum X509ChainStatusFlags
type X509ChainStatusFlags =
Public Enum X509ChainStatusFlags
|CtlNotSignatureValid CtlNotSignatureValid CtlNotSignatureValid CtlNotSignatureValid||262144||
Specifies that the certificate trust list (CTL) contains an invalid signature.
|CtlNotTimeValid CtlNotTimeValid CtlNotTimeValid CtlNotTimeValid||131072||
Specifies that the certificate trust list (CTL) is not valid because of an invalid time value, such as one that indicates that the CTL has expired.
|CtlNotValidForUsage CtlNotValidForUsage CtlNotValidForUsage CtlNotValidForUsage||524288||
Specifies that the certificate trust list (CTL) is not valid for this use.
|Cyclic Cyclic Cyclic Cyclic||128||
Specifies that the X509 chain could not be built.
|ExplicitDistrust ExplicitDistrust ExplicitDistrust ExplicitDistrust||67108864||
Specifies that the certificate is explicitly distrusted.
|HasExcludedNameConstraint HasExcludedNameConstraint HasExcludedNameConstraint HasExcludedNameConstraint||32768||
Specifies that the X509 chain is invalid because a certificate has excluded a name constraint.
|HasNotDefinedNameConstraint HasNotDefinedNameConstraint HasNotDefinedNameConstraint HasNotDefinedNameConstraint||8192||
Specifies that the certificate has an undefined name constraint.
|HasNotPermittedNameConstraint HasNotPermittedNameConstraint HasNotPermittedNameConstraint HasNotPermittedNameConstraint||16384||
Specifies that the certificate has an impermissible name constraint.
|HasNotSupportedCriticalExtension HasNotSupportedCriticalExtension HasNotSupportedCriticalExtension HasNotSupportedCriticalExtension||134217728||
Specifies that the certificate does not support a critical extension.
|HasNotSupportedNameConstraint HasNotSupportedNameConstraint HasNotSupportedNameConstraint HasNotSupportedNameConstraint||4096||
Specifies that the certificate does not have a supported name constraint or has a name constraint that is unsupported.
|HasWeakSignature HasWeakSignature HasWeakSignature HasWeakSignature||1048576||
Specifies that the certificate has not been strong signed. Typically, this indicates that the MD2 or MD5 hashing algorithms were used to create a hash of the certificate.
|InvalidBasicConstraints InvalidBasicConstraints InvalidBasicConstraints InvalidBasicConstraints||1024||
Specifies that the X509 chain is invalid due to invalid basic constraints.
|InvalidExtension InvalidExtension InvalidExtension InvalidExtension||256||
Specifies that the X509 chain is invalid due to an invalid extension.
|InvalidNameConstraints InvalidNameConstraints InvalidNameConstraints InvalidNameConstraints||2048||
Specifies that the X509 chain is invalid due to invalid name constraints.
|InvalidPolicyConstraints InvalidPolicyConstraints InvalidPolicyConstraints InvalidPolicyConstraints||512||
Specifies that the X509 chain is invalid due to invalid policy constraints.
|NoError NoError NoError NoError||0||
Specifies that the X509 chain has no errors.
|NoIssuanceChainPolicy NoIssuanceChainPolicy NoIssuanceChainPolicy NoIssuanceChainPolicy||33554432||
Specifies that there is no certificate policy extension in the certificate. This error would occur if a group policy has specified that all certificates must have a certificate policy.
|NotSignatureValid NotSignatureValid NotSignatureValid NotSignatureValid||8||
Specifies that the X509 chain is invalid due to an invalid certificate signature.
|NotTimeNested NotTimeNested NotTimeNested NotTimeNested||2||
Deprecated. Specifies that the CA (certificate authority) certificate and the issued certificate have validity periods that are not nested. For example, the CA cert can be valid from January 1 to December 1 and the issued certificate from January 2 to December 2, which would mean the validity periods are not nested.
|NotTimeValid NotTimeValid NotTimeValid NotTimeValid||1||
Specifies that the X509 chain is not valid due to an invalid time value, such as a value that indicates an expired certificate.
|NotValidForUsage NotValidForUsage NotValidForUsage NotValidForUsage||16||
Specifies that the key usage is not valid.
|OfflineRevocation OfflineRevocation OfflineRevocation OfflineRevocation||16777216||
Specifies that the online certificate revocation list (CRL) the X509 chain relies on is currently offline.
|PartialChain PartialChain PartialChain PartialChain||65536||
Specifies that the X509 chain could not be built up to the root certificate.
|RevocationStatusUnknown RevocationStatusUnknown RevocationStatusUnknown RevocationStatusUnknown||64||
Specifies that it is not possible to determine whether the certificate has been revoked. This can be due to the certificate revocation list (CRL) being offline or unavailable.
|Revoked Revoked Revoked Revoked||4||
Specifies that the X509 chain is invalid due to a revoked certificate.
|UntrustedRoot UntrustedRoot UntrustedRoot UntrustedRoot||32||
Specifies that the X509 chain is invalid due to an untrusted root certificate.
The flags ExplicitDistrust, HasNotSupportedCriticalExtension and HasWeakSignature were introduced with the .NET Framework 4.6.1.