I am trying to connect to a Mosquitto broker. The broker will have a ca.crt and a server.crt. My app will only have the ca.crt.
Upon connection the broker provides both ca.crt and server.crt (certificate chain). How can I validate both against the ca.crt which I already have? ca.crt and the one present on the client are the same.
Use the X509Chain class and put the ca.crt, loaded as X509Certificate2, onto the ExtraStore property of the ChainPolicy property.
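using System.Security.Cryptography.X509Certificates;

var caCert = new X509Certificate2(".\\ca.crt");
var serverCert = new X509Certificate2(".\\server.crt");
X509Chain ch = new X509Chain();
ch.ChainPolicy.RevocationMode = X509RevocationMode.Online;
// ExtraStore is a read-only collection, so add to it rather than assigning it
ch.ChainPolicy.ExtraStore.Add(caCert);
// Build returns false when validation fails; the reasons are in ch.ChainStatus
bool isValid = ch.Build(serverCert);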
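ExtraStore only supplies candidate certificates for chain building and does not make the CA trusted, so a private CA that is absent from the machine root store still yields an untrusted-root result. The following is an added example, not code from the original answer, that trusts only the supplied ca.crt and then confirms the chain ends at that exact certificate. It assumes .NET 5 or later (for CustomRootTrust); the class and helper names are hypothetical, and the CA and server certificates are constructed in memory so the check runs offline.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCaCheck
{
    // True only when serverCert chains to the exact CA certificate shipped with the app.
    public static bool ChainsToPinnedCa(X509Certificate2 serverCert, X509Certificate2 pinnedCa)
    {
        using var chain = new X509Chain();
        // The constructed certificates below have no CRL/OCSP endpoints, so revocation is skipped here.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        // Trust only the supplied root, not the machine root store (.NET 5+).
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(pinnedCa);
        if (!chain.Build(serverCert)) return false;
        // Confirm the chain really ends at the pinned CA, byte for byte.
        var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        return root.RawData.AsSpan().SequenceEqual(pinnedCa.RawData);
    }

    // Constructed test CA (self-signed, in memory only).
    static X509Certificate2 MakeCa(string cn)
    {
        var req = new CertificateRequest($"CN={cn}", ECDsa.Create(ECCurve.NamedCurves.nistP256), HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));
        var now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30));
    }

    // Constructed server certificate signed by the given CA.
    static X509Certificate2 MakeServerCert(string cn, X509Certificate2 ca)
    {
        var req = new CertificateRequest($"CN={cn}", ECDsa.Create(ECCurve.NamedCurves.nistP256), HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        var now = DateTimeOffset.UtcNow;
        return req.Create(ca, now.AddHours(-1), now.AddDays(1), new byte[] { 0x01, 0x02, 0x03, 0x04 });
    }

    static void Main()
    {
        var brokerCa = MakeCa("Constructed Broker CA");
        var otherCa = MakeCa("Constructed Unrelated CA");
        var serverCert = MakeServerCert("broker.example.test", brokerCa);
        Console.WriteLine($"pinned to issuing CA:   {ChainsToPinnedCa(serverCert, brokerCa)}");
        Console.WriteLine($"pinned to unrelated CA: {ChainsToPinnedCa(serverCert, otherCa)}");
    }
}
```

Against a real broker the same check belongs in the TLS certificate validation callback, with the certificate the broker presents passed as serverCert and revocation checking enabled if the CA publishes revocation data.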