Select a chain of certificates instead of a single certificate (.NET TcpClient)?

Asked Dec 18 '21 at 23:31

Active Dec 20 '21 at 21:36

Viewed 21 times

The LocalCertificateSelectionCallback selects an X509Certificate to be verified by the other side. Is there a way to pass a chain of certificates instead?

This way, a server with only the Root CA in its trusted store would be able to verify my client, whose certificate was issued by an Intermediate CA.

edited Dec 20 '21 at 21:36

Charlieface

asked Dec 18 '21 at 23:31

kexu

After looking at this for some time, the only thing I can think of is to recreate the `X509Certificate` object from base64 using the full chain. Does it definitely not pass the full chain automatically? – Charlieface Dec 20 '21 at 21:35
@Charlieface Yes thank you I think that exactly answers my question; your searching skills are better than mine – kexu Dec 26 '21 at 18:32

0 Answers0