It is easily possible to determine whether a certificate is in the trusted root certificate store:

    Dim found As Boolean = False
    If certificateChain.RootCertificate IsNot Nothing Then
        ' Look the chain's root certificate up in the trusted root store
        Dim store As New CertificateStore(CertificateStoreName.Root)
        found = (store.FindCertificates(certificateChain.RootCertificate, 0).Length > 0)
    End If

Please do not use the thumbprint for this purpose, because it's an SHA-1 hash and SHA-1 is no longer considered secure.
Also, please note that the ValidationResult class makes it possible to determine why the chain was validated as not valid. Its Status property is a flag enum (see here), so in order to determine what is actually the issue, you just have to see which flags are set.
It's also possible to disable the need for the root certificate to be trusted. This can be achieved by passing an option to the Validate method:

    Dim res As ValidationResult = certificateChain.Validate(commonName, ValidationOptions.AllowUnknownCa)
    If res.Valid Then
        ' Chain accepted; the root was not required to be trusted
    End If
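
Added example, not part of the original answer and not the library's own code: one way to list which flags are set in a flag enum such as the Status property mentioned above, including bits that have no named member. DemoStatus and DescribeFlags are hypothetical names, and the enum's members and values are constructed for the demo; pass the real Status value to DescribeFlags in the same way.

```vb
Imports System
Imports System.Collections.Generic

Module StatusFlagsDemo
    ' Constructed stand-in for a flag enum such as ValidationResult.Status;
    ' member names and values are hypothetical, not the library's.
    <Flags>
    Enum DemoStatus As Long
        None = 0
        Expired = 1
        NameMismatch = 2
        UntrustedRoot = 4
        Incomplete = 8
        TrustProblem = UntrustedRoot Or Incomplete ' composite member
    End Enum

    ' Returns the name of every single-bit member set in status. Bits that
    ' have no named member are reported in hex instead of being dropped.
    Function DescribeFlags(status As [Enum]) As List(Of String)
        Dim names As New List(Of String)()
        Dim remaining As Long = Convert.ToInt64(status)
        For Each member As Object In [Enum].GetValues(status.GetType())
            Dim bits As Long = Convert.ToInt64(member)
            ' Skip the zero member, the sign bit and composites (more than one bit).
            If bits <= 0 OrElse (bits And (bits - 1)) <> 0 Then Continue For
            If (remaining And bits) = bits Then
                names.Add(member.ToString())
                remaining = remaining And Not bits
            End If
        Next
        If remaining <> 0 Then names.Add("Unknown(0x" & remaining.ToString("X") & ")")
        Return names
    End Function

    Sub Main()
        ' Two named flags set at once.
        Dim status As DemoStatus = DemoStatus.Expired Or DemoStatus.UntrustedRoot
        Console.WriteLine(String.Join(", ", DescribeFlags(status)))
        ' One named flag plus a bit the enum does not define.
        Console.WriteLine(String.Join(", ", DescribeFlags(CType(&H41L, DemoStatus))))
    End Sub
End Module
```

Logging the full list of set flags, rather than only the Valid result, keeps the reason a chain was rejected available for later review.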