It is easy to determine whether a certificate is in the trusted root certificate store:
Dim found As Boolean = False
' RootCertificate is Nothing when the chain could not be built up to a root,
' so there is nothing to look up in that case.
If certificateChain.RootCertificate IsNot Nothing Then
    ' Open the Trusted Root Certification Authorities store and search it for
    ' the chain's root certificate itself (not for its thumbprint).
    Using store As New CertificateStore(CertificateStoreName.Root)
        found = (store.FindCertificates(certificateChain.RootCertificate, 0).Length > 0)
    End Using
End If
Please do not use the thumbprint for this purpose, because it's an SHA-1 hash and SHA-1 is no longer considered secure.
Also, please note that the ValidationResult class makes it possible to determine why the chain was validated as not valid. Its Status property is a flags enum, so in order to determine what the actual issue is, you just have to see which flags are set.
It's also possible to disable the need for the root certificate to be trusted. This can be achieved by passing an option to CertificateChain's Validate method:
' AllowUnknownCa disables only the requirement that the root certificate be
' trusted; the other validation checks still apply and are reflected in res.Valid.
Dim res As ValidationResult = certificateChain.Validate(commonName, ValidationOptions.AllowUnknownCa)
If res.Valid Then
    Return TlsCertificateAcceptance.Accept
End If
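As an added example (not code from the original answer and not Rebex's own code), the following class puts the two points above together: it validates with AllowUnknownCa, reports exactly which Status flags are set when validation fails, and then pins the chain's root by comparing its full DER encoding against a root the application supplies, because AllowUnknownCa alone would accept any self-signed root. The type name ValidationStatus, the members TlsCertificateAcceptance.Bad and TlsCertificateAcceptance.UnknownAuthority, the Certificate.GetRawCertData() method and the Rebex.Net / Rebex.Security.Certificates namespaces are assumptions about the library's API; check them against the version you use. The pinned root's DER bytes are not on this page, so the caller passes them in.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports Rebex.Net
Imports Rebex.Security.Certificates

' Added example; not code from the original answer or from the Rebex library.
' Assumed API details (verify against your Rebex version): the Status property
' is of type ValidationStatus, Certificate.GetRawCertData() returns the DER
' encoding, and TlsCertificateAcceptance has Bad and UnknownAuthority members.
Public Class PinnedRootVerifier
    ' DER bytes of the single private root CA accepted for this connection.
    ' In production these come from an embedded resource or configuration.
    Private ReadOnly _expectedRootDer As Byte()

    Public Sub New(expectedRootDer As Byte())
        If expectedRootDer Is Nothing OrElse expectedRootDer.Length = 0 Then
            Throw New ArgumentException("DER bytes of the pinned root are required.", NameOf(expectedRootDer))
        End If
        _expectedRootDer = expectedRootDer
    End Sub

    ' Lists the individual flags set in a ValidationStatus value. Because Status
    ' is a flags enum, one failed validation can carry several reasons at once,
    ' and the combined numeric value alone is hard to read in a log.
    Public Shared Function SetFlags(status As ValidationStatus) As String()
        Dim names As New List(Of String)()
        For Each value As ValidationStatus In [Enum].GetValues(GetType(ValidationStatus)).Cast(Of ValidationStatus)()
            Dim bits As Integer = CInt(value)
            ' Skip the zero member and any member whose bits are only partially set.
            If bits <> 0 AndAlso (CInt(status) And bits) = bits Then
                names.Add(value.ToString())
            End If
        Next
        Return names.ToArray()
    End Function

    ' Decides whether to accept the peer's chain. AllowUnknownCa turns off the
    ' "root must be in the trusted store" requirement, which on its own would let
    ' ANY self-signed root through, so the root is additionally compared byte for
    ' byte against the pinned certificate (not against a SHA-1 thumbprint).
    Public Function Verify(chain As CertificateChain, expectedCommonName As String, log As Action(Of String)) As TlsCertificateAcceptance
        Dim root As Certificate = chain.RootCertificate
        If root Is Nothing Then
            ' A chain that does not reach a root cannot be pinned; reject it outright.
            log("Rejected: the chain does not reach a root certificate.")
            Return TlsCertificateAcceptance.Bad
        End If

        ' Run every validation check except root trust.
        Dim res As ValidationResult = chain.Validate(expectedCommonName, ValidationOptions.AllowUnknownCa)
        If Not res.Valid Then
            log("Rejected: " & String.Join(", ", SetFlags(res.Status)))
            Return TlsCertificateAcceptance.Bad
        End If

        ' Pin the root. SequenceEqual compares the whole DER encoding, so a forged
        ' root with the same subject name but a different key is rejected.
        If Not root.GetRawCertData().SequenceEqual(_expectedRootDer) Then
            log("Rejected: the chain's root is not the pinned root CA.")
            Return TlsCertificateAcceptance.UnknownAuthority
        End If

        Return TlsCertificateAcceptance.Accept
    End Function
End Class
```

Call Verify from the certificate-verification callback of the TLS client and return its result; keep the log output, because the list of set flags is what tells you whether a rejection was a name mismatch, an expired certificate or a missing root rather than a pinning failure.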