X509QueryCert Method

Query an X.509 certificate file for selected information.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)

Syntax

public static string QueryCert(
	string certFile,
	string query,
	X509OutputOpts outOpts = X509OutputOpts.Default
)

Public Shared Function QueryCert ( 
	certFile As String,
	query As String,
	Optional outOpts As X509OutputOpts = X509OutputOpts.Default
) As String

certFile String: Filename of certificate file (or its base64 representation)
query String: Query string (case insensitive)
outOpts X509OutputOpts (Optional): Optional options for output (default = 0)

String
String containing the result, or an empty string if query not found or on error.

Remarks

Both binary BER and PEM-format certificates can be read, as can a base64 representation of the certificate.

Valid queries are:

"version"	X.509 version number, e.g. "3".
"serialNumber"	Serial number in hex-encoded format.
"signatureAlgorithm"	Signature algorithm used, e.g. "sha1WithRSAEncryption".
"signatureValue"	Signature value in hex-encoded format.
"notBefore"	Date on which the certificate validity period begins in ISO format yyyy-mm-ddThh:nn:ssZ
"notAfter"	Date on which the certificate validity period ends in ISO format yyyy-mm-ddThh:nn:ssZ
"issuerName"	Distinguished name (DN) of entity who has signed and issued the certificate.
"subjectName"	Distinguished name (DN) of the subject.
"subjectPublicKeyAlgorithm"	Algorithm used in subject's public key, e.g. "dsa".
"subjectKeyIdentifier"	The subject key identifier extension, if present, in hex-encoded format.
"authorityKeyIdentifier"	The authority key identifier extension, if present, in hex-encoded format.
"rfc822Name"	Internet mail address contained in a subjectAltName extension, if present.
"isCA"	Returns "1" if the subject type is a CA, otherwise returns "0".
"keyUsageString"	keyUsage flags in text format, e.g. "digitalSignature,nonRepudiation".
"extKeyUsageString"	extKeyUsage purposes in text format, e.g. "codeSigning,timeStamping".
"cRLDistributionPointsURI"	First URI found in cRLDistributionPoints, if any.
"authorityInfoAccessURI"	First URI found in authorityInfoAccess, if any.
"subjectAltName"	Subject alternative name extension, if present.
"hashAlgorithm"	Hash algorithm used in signature, e.g. "sha256".
"pssParams"	Parameters used for RSA-PSS (if applicable).