<certificateValidation>

Controls the settings that token handlers use to validate certificates. These settings are overridden if a specific handler is configured with its own validator.

<system.identityModel>
<identityConfiguration>
<certificateValidation>

Syntax

<system.identityModel>  
  <identityConfiguration>  
    <certificateValidation  
      certificateValidationMode="None||ChainTrust||PeerTrust||PeerOrChainTrust||Custom"  
      revocationMode="NoCheck||Offline||Online"  
      trustedStoreLocation="CurrentLocation||LocalMachine" >  
    </certificateValidation>  
  </identityConfiguration>  
</system.identityModel>  

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description
certificateValidationMode An X509CertificateValidationMode value that specifies the validation mode to use for the X.509 certificate. The default value is "PeerOrChainTrust". To specify a custom validator, set this attribute to "Custom" and specify the validator using the <certificateValidator> element. Optional.
revocationMode An X509RevocationMode value that specifies the revocation mode to use for the X.509 certificate. The default value is "Online". Optional.
trustedStoreLocation A StoreLocation value that specifies the X.509 certificate store. The default value is "LocalMachine". Optional.

Child Elements

Element Description
<certificateValidator> Specifies a custom type for certificate validation. This type is used only if the certificateValidationMode attribute of the <certificateValidation> element is set to "Custom".

Parent Elements

Element Description
<identityConfiguration> Specifies service-level identity settings.
<securityTokenHandlerConfiguration> Provides configuration for a collection of security token handlers.

Remarks

A <certificateValidation> element can be specified at the service level under the <identityConfiguration> element or on the security token handler collection level under the <securityTokenHandlerConfiguration> element. Settings on a token handler collection override those specified on the service. Some token handlers allow you to specify certificate validation settings in configuration. Settings on individual token handlers override those specified both at the service level and on the security token handler collection.

Example

<certificateValidation certificateValidationMode="PeerOrChainTrust"  
                       revocationMode="Online"  
                       trustedStoreLocation="LocalMachine" />