How to check if a certificate is self-signed?

I am using C# .NET and need to install a bunch of certificates in the Windows certificate store.

I need to check which of these certificates are root certificates (i.e. self-signed), so I can install them in the trusted root certificate store.

I am using the standard class X509Certificate2. My current idea is to check if the Issuer and Subject tags are the same.

I noticed that X509Certificate2 has Issuer - IssuerName and Subject - SubjectName.

Is it better to compare Issuer with Subject or IssuerName with SubjectName? Or does it not matter?

Also, is this a reliable method or am I better off using a different approach?

+6
1 answer

See this post: java - find if the certificate is self-signed or CA is signed

While it is not C#, the comment from the notes to the solution

If the subject and the issuer match, it is self-signed

means that you are checking it correctly.

IssuerName and SubjectName return a DistinguishedName that contains RawData (a byte[] containing raw information for the issuer / entity). It is best to compare this field, although I believe that comparing Subject and Issuer is also correct.

So you could write something like this:

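    using System.Linq;
    using System.Security.Cryptography.X509Certificates;

    // Compares the DER-encoded subject and issuer names byte for byte.
    public static bool IsSelfSigned(X509Certificate2 cert)
    {
        return cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
    }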
+8
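
Equal subject and issuer names show only that a certificate is self-issued. Because the result here decides what goes into the trusted root store, a stricter check also verifies the signature with the certificate's own public key. The following is an added example, not code from the original answer: the names SelfSignedCheck, HashFor and IsSelfIssued are hypothetical, it assumes .NET 5 or later, and it handles only RSA PKCS#1 v1.5 and ECDSA signatures with SHA-2, treating anything else as not self-signed.

```csharp
using System;
using System.Formats.Asn1;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class SelfSignedCheck // hypothetical name, not from the page
{
    // Supported signature OIDs -> hash (RSA PKCS#1 v1.5 and ECDSA with SHA-2 only).
    static HashAlgorithmName? HashFor(string oid) => oid switch
    {
        "1.2.840.113549.1.1.11" or "1.2.840.10045.4.3.2" => HashAlgorithmName.SHA256,
        "1.2.840.113549.1.1.12" or "1.2.840.10045.4.3.3" => HashAlgorithmName.SHA384,
        "1.2.840.113549.1.1.13" or "1.2.840.10045.4.3.4" => HashAlgorithmName.SHA512,
        _ => (HashAlgorithmName?)null
    };
    // The name comparison from the answer: equal names mean "self-issued".
    public static bool IsSelfIssued(X509Certificate2 cert) =>
        cert.SubjectName.RawData.SequenceEqual(cert.IssuerName.RawData);
    public static bool IsSelfSigned(X509Certificate2 cert)
    {
        string oid = cert.SignatureAlgorithm.Value ?? "";
        HashAlgorithmName? hash = HashFor(oid);
        if (!IsSelfIssued(cert) || hash == null) return false;
        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        AsnReader seq = new AsnReader(cert.RawData, AsnEncodingRules.DER).ReadSequence();
        ReadOnlyMemory<byte> tbs = seq.ReadEncodedValue(); // exact bytes that were signed
        seq.ReadEncodedValue();                            // skip signatureAlgorithm
        byte[] sig = seq.ReadBitString(out _);
        // Verify with the certificate's own public key; the OID family picks the key type.
        bool rsaAlg = oid.StartsWith("1.2.840.113549.1.1.");
        using RSA rsa = rsaAlg ? cert.GetRSAPublicKey() : null;
        using ECDsa ec = rsaAlg ? null : cert.GetECDsaPublicKey();
        if (rsa != null) return rsa.VerifyData(tbs.Span, sig, hash.Value, RSASignaturePadding.Pkcs1);
        return ec != null && ec.VerifyData(tbs.Span, sig, hash.Value, DSASignatureFormat.Rfc3279DerSequence);
    }
    public static void Main()
    {
        // Constructed test data: same subject and issuer name, signed by own key vs. another key.
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using RSA keyA = RSA.Create(2048);
        using RSA keyB = RSA.Create(2048);
        var req = new CertificateRequest("CN=Example Root", keyA, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 own = req.CreateSelfSigned(now, now.AddDays(1));
        using X509Certificate2 other = req.Create(own.SubjectName,
            X509SignatureGenerator.CreateForRSA(keyB, RSASignaturePadding.Pkcs1), now, now.AddDays(1), new byte[] { 1 });
        Console.WriteLine($"own key:   self-issued={IsSelfIssued(own)} self-signed={IsSelfSigned(own)}");
        Console.WriteLine($"other key: self-issued={IsSelfIssued(other)} self-signed={IsSelfSigned(other)}");
    }
}
```

With the constructed data, both certificates pass the name comparison and only the first passes the signature check.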