To validate in the client the certificate that it receives from the server, the validation method has a parameter of type X509Certificate that is the server certificate.

When I debug, I can see that it has a Thumbprint property, but when I try to access it as myCertificate.Thumbprint I get a compiler error that says that the property doesn't exist.

However, the type X509Certificate2 has this property.

So how could I get the thumbprint to know if it is the expected certificate?

Thanks.

Álvaro García
  • Does [How to calculate X.509 certificate's SHA-1 fingerprint?](https://stackoverflow.com/questions/4803799/how-to-calculate-x-509-certificates-sha-1-fingerprint) help? Or are you looking for the [X509Certificate.GetCertHashString Method](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate.getcerthashstring)? – Andrew Morton May 02 '23 at 17:08
  • Can you provide a [mre] that provides context? Which "validation method" are you talking about? Do you really mean the `OnCertificateValidated` *event*, which is called *after* the certificate is validated? – madreflection May 02 '23 at 17:16
  • Thumbprint in .NET is the same as Fingerprint. The first link could help, but it implements a method to calculate it. I would like to know if the type X509Certificate in .NET offers this data directly. – Álvaro García May 02 '23 at 17:17
  • Are you using (classic) ASP.NET or ASP.NET Core? Which version? – madreflection May 02 '23 at 17:18

2 Answers

It sounds like you're in a context where you have the cert as X509Certificate rather than the more powerful X509Certificate2.

Your two easy options:

  1. Upcast. (`X509Certificate2 myCertificate2 = (X509Certificate2)myCertificate;`)
  2. Use the `GetCertHash()` or `GetCertHashString()` methods (depending on if you want bytes or the hex string). `GetCertHashString()` is the same as the `Thumbprint` property.
bartonjs
  • The reason I asked for context above is that the `OnCertificateValidated` event receives a context with a `ClientCertificate` property, which is already of type `X509Certificate2` and doesn't need to be cast. But that only matters if that's what OP was talking about and that hasn't been established yet. – madreflection May 02 '23 at 17:39

You can use the ServicePointManager class to inspect the remote certificate provided and do whatever comparisons you'd like. You can choose to accept or reject it.

ServicePointManager.ServerCertificateValidationCallback

fanuc_bob
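The two answers above combined, as an added example that is not code from either answerer: a callback with the `RemoteCertificateValidationCallback` signature that reads the thumbprint from the base `X509Certificate` type via `GetCertHashString()` and compares it with a pinned value. The class name, the `PinnedThumbprint` field and the self-signed `CN=example.test` certificate are constructed for the demo, and rejecting any `SslPolicyErrors` before checking the pin is a design assumption of this example.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ThumbprintPinning
{
    // Placeholder: set this to the expected server certificate's SHA-1 thumbprint.
    static string PinnedThumbprint = "";

    // Thumbprints copied from certificate dialogs often contain spaces, colons or lower case.
    static string Normalize(string hex) =>
        hex.Replace(" ", "").Replace(":", "").ToUpperInvariant();

    // Same signature as RemoteCertificateValidationCallback, so it can be assigned to
    // ServicePointManager.ServerCertificateValidationCallback or passed to SslStream.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        if (certificate == null) return false;
        // Assumption of this example: the pin is an extra check on top of the normal
        // chain and host name validation, not a replacement for it.
        if (errors != SslPolicyErrors.None) return false;
        // GetCertHashString() is defined on the base type, so no cast to X509Certificate2 is needed.
        string actual = certificate.GetCertHashString();
        return string.Equals(actual, Normalize(PinnedThumbprint), StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate so the demo runs offline.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=example.test", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                X509Certificate asBase = cert;            // what the callback receives
                PinnedThumbprint = cert.Thumbprint.ToLowerInvariant();
                Console.WriteLine("hash string equals Thumbprint: " +
                    (asBase.GetCertHashString() == cert.Thumbprint));
                Console.WriteLine("pinned certificate, no policy errors: " +
                    Validate(null, asBase, null, SslPolicyErrors.None));
                Console.WriteLine("pinned certificate, name mismatch: " +
                    Validate(null, asBase, null, SslPolicyErrors.RemoteCertificateNameMismatch));
            }
        }
    }
}
```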