private static bool ManualServerCertVerification(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { Console.WriteLine(); if (certificate is X509Certificate2 cert2) { Console.WriteLine("X509Certificate2"); try { byte[] rawdata = cert2.RawData; Console.WriteLine(" Content Type: " + X509Certificate2.GetCertContentType(rawdata)); Console.WriteLine(" Friendly Name: " + cert2.FriendlyName); Console.WriteLine(" Certificate Verified?: " + cert2.Verify()); Console.WriteLine(" Simple Name: " + cert2.GetNameInfo(X509NameType.SimpleName, true)); Console.WriteLine(" Signature Algorithm: " + cert2.SignatureAlgorithm.FriendlyName); // Console.WriteLine(" Public Key: " + cert2.PublicKey.Key.ToXmlString(false)); Console.WriteLine(" Certificate Archived?: " + cert2.Archived); Console.WriteLine(" Length of Raw Data: " + cert2.RawData.Length); } catch (CryptographicException) { Console.WriteLine("Information could not be written out for this certificate."); } Console.WriteLine(); Console.WriteLine("X509Certificate2 Extensions"); foreach (X509Extension ext in cert2.Extensions) { Console.WriteLine(" " + ext.GetType().Name + "\n Oid: " + ext.Oid.FriendlyName + "\n Critical: " + ext.Critical + "\n Raw Len: " + ext.RawData.Length); if (ext is X509BasicConstraintsExtension bcExt) { Console.WriteLine(" CA: " + bcExt.CertificateAuthority); Console.WriteLine(" HPLC: " + bcExt.HasPathLengthConstraint); Console.WriteLine(" PLC: " + bcExt.PathLengthConstraint); } else if (ext is X509KeyUsageExtension kuExt) { Console.WriteLine(" Usages: " + kuExt.KeyUsages); } else if (ext is X509EnhancedKeyUsageExtension ekuExt) { if (ekuExt.EnhancedKeyUsages.Count > 0) { Console.WriteLine(" Enhanced Key Usages"); foreach (Oid oid in ekuExt.EnhancedKeyUsages) { Console.WriteLine(" " + oid.FriendlyName); } } } else if (ext is X509SubjectKeyIdentifierExtension skiExt) { Console.WriteLine(" Subject Key Identifier: " + skiExt.SubjectKeyIdentifier); } } Console.WriteLine(); } Console.WriteLine("sslPolicyErrors"); Console.WriteLine(" " + sslPolicyErrors); Console.WriteLine(); if (chain != null) { Console.WriteLine("X509Chain Statuses"); foreach (X509ChainStatus cs in chain.ChainStatus) { Console.WriteLine(" " + cs.Status + " | " + cs.StatusInformation); } Console.WriteLine(); } // ------------------------------------------------------------------------------------------ // BouncyCastle // ------------------------------------------------------------------------------------------ Org.BouncyCastle.X509.X509Certificate bcX509 = DotNetUtilities.FromX509Certificate(certificate); Console.WriteLine("BouncyCastle X509Certificate"); Console.WriteLine(" " + bcX509.CertificateStructure); Console.WriteLine(" " + bcX509.IsValidNow); Console.WriteLine(" " + bcX509.NotBefore); Console.WriteLine(" " + bcX509.NotAfter); Console.WriteLine(" " + bcX509.SigAlgName); Console.WriteLine(" " + bcX509.SigAlgOid); if (bcX509.GetExtendedKeyUsage().Count > 0) { Console.WriteLine(" Extended Key Usage"); foreach (var eku in bcX509.GetExtendedKeyUsage()) { Console.WriteLine(" " + eku); } } void InspectExtension(ISet extSet, string label) { if (extSet.Count > 0) { Console.WriteLine(" " + label); foreach (string oid in extSet) { try { Asn1OctetString asn = bcX509.GetExtensionValue(new DerObjectIdentifier(oid)); Console.WriteLine(" Oid: " + oid + " | Asn: " + asn); } catch (Exception e) { Console.WriteLine(e); } } } } InspectExtension(bcX509.GetNonCriticalExtensionOids(), "Non Critical Extensions"); InspectExtension(bcX509.GetCriticalExtensionOids(), "Critical Extensions"); return(true); // true if the cert is okay, false if it not }