X509Certificate2 Constructors

Definition

Initializes a new instance of the X509Certificate2 class.

Overloads

X509Certificate2()
Obsolete.

Initializes a new instance of the X509Certificate2 class.

X509Certificate2(String, String, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a certificate file name, a password used to access the certificate, and a key storage flag.

X509Certificate2(String, SecureString, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.

X509Certificate2(String, ReadOnlySpan<Char>, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.

X509Certificate2(Byte[], String, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

X509Certificate2(Byte[], SecureString, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

X509Certificate2(String, String)

Initializes a new instance of the X509Certificate2 class using a certificate file name and a password used to access the certificate.

X509Certificate2(String, SecureString)

Initializes a new instance of the X509Certificate2 class using a certificate file name and a password.

X509Certificate2(ReadOnlySpan<Byte>, ReadOnlySpan<Char>, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class from certificate data, a password, and key storage flags.

X509Certificate2(Byte[], String)

Initializes a new instance of the X509Certificate2 class using a byte array and a password.

X509Certificate2(Byte[], SecureString)

Initializes a new instance of the X509Certificate2 class using a byte array and a password.

X509Certificate2(String)

Initializes a new instance of the X509Certificate2 class using a certificate file name.

X509Certificate2(X509Certificate)

Initializes a new instance of the X509Certificate2 class using an X509Certificate object.

X509Certificate2(SerializationInfo, StreamingContext)
Obsolete.

Initializes a new instance of the X509Certificate2 class using the specified serialization and stream context information.

X509Certificate2(ReadOnlySpan<Byte>)

Initializes a new instance of the X509Certificate2 class from certificate data.

X509Certificate2(IntPtr)

Initializes a new instance of the X509Certificate2 class using an unmanaged handle.

X509Certificate2(Byte[])

Initializes a new instance of the X509Certificate2 class using information from a byte array.

X509Certificate2()

Caution

X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.

Initializes a new instance of the X509Certificate2 class.

public:
 X509Certificate2();
public X509Certificate2 ();
[System.Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId="SYSLIB0026", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public X509Certificate2 ();
[System.Obsolete("X509Certificate and X509Certificate2 are immutable. Use the appropriate constructor to create a new certificate.", DiagnosticId="SYSLIB0026", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 ();
Public Sub New ()
Attributes

Examples

The following code example opens the current user certificate store, selects only active certificates, then allows the user to select one or more certificates. The example then writes certificate information to the console.

#using <System.dll>
#using <System.Security.dll>

using namespace System;
using namespace System::Security::Cryptography;
using namespace System::Security::Permissions;
using namespace System::IO;
using namespace System::Security::Cryptography::X509Certificates;
int main()
{
   try
   {
      X509Store ^ store = gcnew X509Store( "MY",StoreLocation::CurrentUser );
      store->Open( static_cast<OpenFlags>(OpenFlags::ReadOnly | OpenFlags::OpenExistingOnly) );
      X509Certificate2Collection ^ collection = dynamic_cast<X509Certificate2Collection^>(store->Certificates);
      X509Certificate2Collection ^ fcollection = dynamic_cast<X509Certificate2Collection^>(collection->Find( X509FindType::FindByTimeValid, DateTime::Now, false ));
      X509Certificate2Collection ^ scollection = X509Certificate2UI::SelectFromCollection(fcollection, "Test Certificate Select","Select a certificate from the following list to get information on that certificate",X509SelectionFlag::MultiSelection);
      Console::WriteLine( "Number of certificates: {0}{1}", scollection->Count, Environment::NewLine );
      System::Collections::IEnumerator^ myEnum = scollection->GetEnumerator();
      while ( myEnum->MoveNext() )
      {
         X509Certificate2 ^ x509 = safe_cast<X509Certificate2 ^>(myEnum->Current);
         array<Byte>^rawdata = x509->RawData;
         Console::WriteLine( "Content Type: {0}{1}", X509Certificate2::GetCertContentType( rawdata ), Environment::NewLine );
         Console::WriteLine( "Friendly Name: {0}{1}", x509->FriendlyName, Environment::NewLine );
         Console::WriteLine( "Certificate Verified?: {0}{1}", x509->Verify(), Environment::NewLine );
         Console::WriteLine( "Simple Name: {0}{1}", x509->GetNameInfo( X509NameType::SimpleName, true ), Environment::NewLine );
         Console::WriteLine( "Signature Algorithm: {0}{1}", x509->SignatureAlgorithm->FriendlyName, Environment::NewLine );
         Console::WriteLine( "Private Key: {0}{1}", x509->PrivateKey->ToXmlString( false ), Environment::NewLine );
         Console::WriteLine( "Public Key: {0}{1}", x509->PublicKey->Key->ToXmlString( false ), Environment::NewLine );
         Console::WriteLine( "Certificate Archived?: {0}{1}", x509->Archived, Environment::NewLine );
         Console::WriteLine( "Length of Raw Data: {0}{1}", x509->RawData->Length, Environment::NewLine );
         x509->Reset();
      }
      store->Close();
   }
   catch ( CryptographicException^ ) 
   {
      Console::WriteLine( "Information could not be written out for this certificate." );
   }

}
using System;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;

class CertSelect
{
    static void Main()
    {
        X509Store store = new X509Store("MY",StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

        X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
        X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid,DateTime.Now,false);
        X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(fcollection, "Test Certificate Select","Select a certificate from the following list to get information on that certificate",X509SelectionFlag.MultiSelection);
        Console.WriteLine("Number of certificates: {0}{1}",scollection.Count,Environment.NewLine);

        foreach (X509Certificate2 x509 in scollection)
        {
            try
            {
                byte[] rawdata = x509.RawData;
                Console.WriteLine("Content Type: {0}{1}",X509Certificate2.GetCertContentType(rawdata),Environment.NewLine);
                Console.WriteLine("Friendly Name: {0}{1}",x509.FriendlyName,Environment.NewLine);
                Console.WriteLine("Certificate Verified?: {0}{1}",x509.Verify(),Environment.NewLine);
                Console.WriteLine("Simple Name: {0}{1}",x509.GetNameInfo(X509NameType.SimpleName,true),Environment.NewLine);
                Console.WriteLine("Signature Algorithm: {0}{1}",x509.SignatureAlgorithm.FriendlyName,Environment.NewLine);
                Console.WriteLine("Public Key: {0}{1}",x509.PublicKey.Key.ToXmlString(false),Environment.NewLine);
                Console.WriteLine("Certificate Archived?: {0}{1}",x509.Archived,Environment.NewLine);
                Console.WriteLine("Length of Raw Data: {0}{1}",x509.RawData.Length,Environment.NewLine);
                X509Certificate2UI.DisplayCertificate(x509);
                x509.Reset();
            }
            catch (CryptographicException)
            {
                Console.WriteLine("Information could not be written out for this certificate.");
            }
        }
        store.Close();
    }
}
Imports System.Security.Cryptography
Imports System.Security.Permissions
Imports System.IO
Imports System.Security.Cryptography.X509Certificates

Class CertSelect

    Shared Sub Main()

        Dim store As New X509Store("MY", StoreLocation.CurrentUser)
        store.Open(OpenFlags.ReadOnly Or OpenFlags.OpenExistingOnly)

        Dim collection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection)
        Dim fcollection As X509Certificate2Collection = CType(collection.Find(X509FindType.FindByTimeValid, DateTime.Now, False), X509Certificate2Collection)
        Dim scollection As X509Certificate2Collection = X509Certificate2UI.SelectFromCollection(fcollection, "Test Certificate Select", "Select a certificate from the following list to get information on that certificate", X509SelectionFlag.MultiSelection)
        Console.WriteLine("Number of certificates: {0}{1}", scollection.Count, Environment.NewLine)
         
        For Each x509 As X509Certificate2 In scollection
            Try
                Dim rawdata As Byte() = x509.RawData
                Console.WriteLine("Content Type: {0}{1}", X509Certificate2.GetCertContentType(rawdata), Environment.NewLine)
                Console.WriteLine("Friendly Name: {0}{1}", x509.FriendlyName, Environment.NewLine)
                Console.WriteLine("Certificate Verified?: {0}{1}", x509.Verify(), Environment.NewLine)
                Console.WriteLine("Simple Name: {0}{1}", x509.GetNameInfo(X509NameType.SimpleName, True), Environment.NewLine)
                Console.WriteLine("Signature Algorithm: {0}{1}", x509.SignatureAlgorithm.FriendlyName, Environment.NewLine)
                Console.WriteLine("Public Key: {0}{1}", x509.PublicKey.Key.ToXmlString(False), Environment.NewLine)
                Console.WriteLine("Certificate Archived?: {0}{1}", x509.Archived, Environment.NewLine)
                Console.WriteLine("Length of Raw Data: {0}{1}", x509.RawData.Length, Environment.NewLine)
                X509Certificate2UI.DisplayCertificate(x509)
                x509.Reset()         
             Catch cExcept As CryptographicException
                 Console.WriteLine("Information could not be written out for this certificate.")
             End Try
        Next x509

        store.Close()
    End Sub
End Class

Remarks

This constructor creates an empty X509Certificate2 object, unlike the other constructors for this class that use certificate information from a byte array, a pointer, or a certificate file.

Applies to

X509Certificate2(String, String, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a certificate file name, a password used to access the certificate, and a key storage flag.

public:
 X509Certificate2(System::String ^ fileName, System::String ^ password, System::Security::Cryptography::X509Certificates::X509KeyStorageFlags keyStorageFlags);
public X509Certificate2 (string fileName, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (string fileName, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
public X509Certificate2 (string fileName, string password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * string * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * string * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (fileName As String, password As String, keyStorageFlags As X509KeyStorageFlags)

Parameters

fileName
String

The name of a certificate file.

password
String

The password required to access the X.509 certificate data.

keyStorageFlags
X509KeyStorageFlags

A bitwise combination of the enumeration values that control where and how to import the certificate.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using a certificate file name, a password needed to access the certificate, and a key storage flag.

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(String, SecureString, X509KeyStorageFlags)

Important

This API is not CLS-compliant.

Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.

public:
 X509Certificate2(System::String ^ fileName, System::Security::SecureString ^ password, System::Security::Cryptography::X509Certificates::X509KeyStorageFlags keyStorageFlags);
[System.CLSCompliant(false)]
public X509Certificate2 (string fileName, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[System.CLSCompliant(false)]
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (string fileName, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[System.CLSCompliant(false)]
public X509Certificate2 (string fileName, System.Security.SecureString password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
public X509Certificate2 (string fileName, System.Security.SecureString password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[<System.CLSCompliant(false)>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * System.Security.SecureString * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.CLSCompliant(false)>]
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * System.Security.SecureString * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * System.Security.SecureString * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (fileName As String, password As SecureString, keyStorageFlags As X509KeyStorageFlags)

Parameters

fileName
String

The name of a certificate file.

password
SecureString

The password required to access the X.509 certificate data.

keyStorageFlags
X509KeyStorageFlags

A bitwise combination of the enumeration values that control where and how to import the certificate.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

If you create an X509Certificate certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(String, ReadOnlySpan<Char>, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a certificate file name, a password, and a key storage flag.

public X509Certificate2 (string fileName, ReadOnlySpan<char> password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (string fileName, ReadOnlySpan<char> password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * ReadOnlySpan<char> * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * ReadOnlySpan<char> * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (fileName As String, password As ReadOnlySpan(Of Char), Optional keyStorageFlags As X509KeyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet)

Parameters

fileName
String

The name of a certificate file.

password
ReadOnlySpan<Char>

The password required to access the X.509 certificate data.

keyStorageFlags
X509KeyStorageFlags

A bitwise combination of the enumeration values that control where and how to import the certificate.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(Byte[], String, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

public:
 X509Certificate2(cli::array <System::Byte> ^ rawData, System::String ^ password, System::Security::Cryptography::X509Certificates::X509KeyStorageFlags keyStorageFlags);
public X509Certificate2 (byte[] rawData, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (byte[] rawData, string? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
public X509Certificate2 (byte[] rawData, string password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * string * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * string * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As Byte(), password As String, keyStorageFlags As X509KeyStorageFlags)

Parameters

rawData
Byte[]

A byte array containing data from an X.509 certificate.

password
String

The password required to access the X.509 certificate data.

keyStorageFlags
X509KeyStorageFlags

A bitwise combination of the enumeration values that control where and how to import the certificate.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using a byte array, a password that is needed to access the certificate data, and a key storage flag. It is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a Microsoft Cryptographic API Cryptographic Service Provider (CSP).

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for rawData, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(Byte[], SecureString, X509KeyStorageFlags)

Important

This API is not CLS-compliant.

Initializes a new instance of the X509Certificate2 class using a byte array, a password, and a key storage flag.

public:
 X509Certificate2(cli::array <System::Byte> ^ rawData, System::Security::SecureString ^ password, System::Security::Cryptography::X509Certificates::X509KeyStorageFlags keyStorageFlags);
[System.CLSCompliant(false)]
public X509Certificate2 (byte[] rawData, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[System.CLSCompliant(false)]
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (byte[] rawData, System.Security.SecureString? password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[System.CLSCompliant(false)]
public X509Certificate2 (byte[] rawData, System.Security.SecureString password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
public X509Certificate2 (byte[] rawData, System.Security.SecureString password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags);
[<System.CLSCompliant(false)>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * System.Security.SecureString * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.CLSCompliant(false)>]
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * System.Security.SecureString * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * System.Security.SecureString * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As Byte(), password As SecureString, keyStorageFlags As X509KeyStorageFlags)

Parameters

rawData
Byte[]

A byte array that contains data from an X.509 certificate.

password
SecureString

The password required to access the X.509 certificate data.

keyStorageFlags
X509KeyStorageFlags

A bitwise combination of the enumeration values that control where and how to import the certificate.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a Microsoft Cryptographic API Cryptographic Service Provider (CSP).

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate certificate by specifying a PKCS7 signed file store for rawData, the X509Certificate is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(String, String)

Initializes a new instance of the X509Certificate2 class using a certificate file name and a password used to access the certificate.

public:
 X509Certificate2(System::String ^ fileName, System::String ^ password);
public X509Certificate2 (string fileName, string? password);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (string fileName, string? password);
public X509Certificate2 (string fileName, string password);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * string -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * string -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (fileName As String, password As String)

Parameters

fileName
String

The name of a certificate file.

password
String

The password required to access the X.509 certificate data.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using a certificate file name and a password needed to access the certificate. It is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(String, SecureString)

Important

This API is not CLS-compliant.

Initializes a new instance of the X509Certificate2 class using a certificate file name and a password.

public:
 X509Certificate2(System::String ^ fileName, System::Security::SecureString ^ password);
[System.CLSCompliant(false)]
public X509Certificate2 (string fileName, System.Security.SecureString? password);
[System.CLSCompliant(false)]
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (string fileName, System.Security.SecureString? password);
[System.CLSCompliant(false)]
public X509Certificate2 (string fileName, System.Security.SecureString password);
public X509Certificate2 (string fileName, System.Security.SecureString password);
[<System.CLSCompliant(false)>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * System.Security.SecureString -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.CLSCompliant(false)>]
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * System.Security.SecureString -> System.Security.Cryptography.X509Certificates.X509Certificate2
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string * System.Security.SecureString -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (fileName As String, password As SecureString)

Parameters

fileName
String

The name of a certificate file.

password
SecureString

The password required to access the X.509 certificate data.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(ReadOnlySpan<Byte>, ReadOnlySpan<Char>, X509KeyStorageFlags)

Initializes a new instance of the X509Certificate2 class from certificate data, a password, and key storage flags.

public X509Certificate2 (ReadOnlySpan<byte> rawData, ReadOnlySpan<char> password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (ReadOnlySpan<byte> rawData, ReadOnlySpan<char> password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : ReadOnlySpan<byte> * ReadOnlySpan<char> * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : ReadOnlySpan<byte> * ReadOnlySpan<char> * System.Security.Cryptography.X509Certificates.X509KeyStorageFlags -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As ReadOnlySpan(Of Byte), password As ReadOnlySpan(Of Char), Optional keyStorageFlags As X509KeyStorageFlags = System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.DefaultKeySet)

Parameters

rawData
ReadOnlySpan<Byte>

The certificate data to process.

password
ReadOnlySpan<Char>

The password required to access the certificate data.

keyStorageFlags
X509KeyStorageFlags

A bitwise combination of the enumeration values that control where and how to import the certificate.

Attributes

Exceptions

An error with the certificate occurs.

Applies to

X509Certificate2(Byte[], String)

Initializes a new instance of the X509Certificate2 class using a byte array and a password.

public:
 X509Certificate2(cli::array <System::Byte> ^ rawData, System::String ^ password);
public X509Certificate2 (byte[] rawData, string? password);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (byte[] rawData, string? password);
public X509Certificate2 (byte[] rawData, string password);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * string -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * string -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As Byte(), password As String)

Parameters

rawData
Byte[]

A byte array containing data from an X.509 certificate.

password
String

The password required to access the X.509 certificate data.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using a byte array and a password that is needed to access the certificate data. It is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for rawData, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(Byte[], SecureString)

Important

This API is not CLS-compliant.

Initializes a new instance of the X509Certificate2 class using a byte array and a password.

public:
 X509Certificate2(cli::array <System::Byte> ^ rawData, System::Security::SecureString ^ password);
[System.CLSCompliant(false)]
public X509Certificate2 (byte[] rawData, System.Security.SecureString? password);
[System.CLSCompliant(false)]
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (byte[] rawData, System.Security.SecureString? password);
[System.CLSCompliant(false)]
public X509Certificate2 (byte[] rawData, System.Security.SecureString password);
public X509Certificate2 (byte[] rawData, System.Security.SecureString password);
[<System.CLSCompliant(false)>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * System.Security.SecureString -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.CLSCompliant(false)>]
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * System.Security.SecureString -> System.Security.Cryptography.X509Certificates.X509Certificate2
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] * System.Security.SecureString -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As Byte(), password As SecureString)

Parameters

rawData
Byte[]

A byte array that contains data from an X.509 certificate.

password
SecureString

The password required to access the X.509 certificate data.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor is used with PKCS12 (PFX) files that contain the certificate's private key. Calling this constructor with the correct password decrypts the private key and saves it to a key container.

Important

Never hard code a password within your source code. Hard-coded passwords can be retrieved from an assembly using the Ildasm.exe (IL Disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.

If you create an X509Certificate certificate by specifying a PKCS7 signed file store for rawData, the X509Certificate is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(String)

Initializes a new instance of the X509Certificate2 class using a certificate file name.

public:
 X509Certificate2(System::String ^ fileName);
public X509Certificate2 (string fileName);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (string fileName);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : string -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (fileName As String)

Parameters

fileName
String

The name of a certificate file.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using a certificate file name. It supports binary (DER) encoding or Base64 encoding.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for fileName, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to

X509Certificate2(X509Certificate)

Initializes a new instance of the X509Certificate2 class using an X509Certificate object.

public:
 X509Certificate2(System::Security::Cryptography::X509Certificates::X509Certificate ^ certificate);
public X509Certificate2 (System.Security.Cryptography.X509Certificates.X509Certificate certificate);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (System.Security.Cryptography.X509Certificates.X509Certificate certificate);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : System.Security.Cryptography.X509Certificates.X509Certificate -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (certificate As X509Certificate)

Parameters

certificate
X509Certificate

An X509Certificate object.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This method creates a new instance of the X509Certificate2 class using an X509Certificate object.

Applies to

X509Certificate2(SerializationInfo, StreamingContext)

Caution

This API supports obsolete formatter-based serialization. It should not be called or extended by application code.

Initializes a new instance of the X509Certificate2 class using the specified serialization and stream context information.

protected:
 X509Certificate2(System::Runtime::Serialization::SerializationInfo ^ info, System::Runtime::Serialization::StreamingContext context);
protected X509Certificate2 (System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.StreamingContext context);
[System.Obsolete("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId="SYSLIB0051", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
protected X509Certificate2 (System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.StreamingContext context);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : System.Runtime.Serialization.SerializationInfo * System.Runtime.Serialization.StreamingContext -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Obsolete("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId="SYSLIB0051", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : System.Runtime.Serialization.SerializationInfo * System.Runtime.Serialization.StreamingContext -> System.Security.Cryptography.X509Certificates.X509Certificate2
Protected Sub New (info As SerializationInfo, context As StreamingContext)

Parameters

info
SerializationInfo

The serialization information required to deserialize the new X509Certificate2.

context
StreamingContext

Contextual information about the source of the stream to be deserialized.

Attributes

Exceptions

.NET Core and .NET 5+ only: In all cases.

Applies to

X509Certificate2(ReadOnlySpan<Byte>)

Initializes a new instance of the X509Certificate2 class from certificate data.

public:
 X509Certificate2(ReadOnlySpan<System::Byte> rawData);
public X509Certificate2 (ReadOnlySpan<byte> rawData);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (ReadOnlySpan<byte> rawData);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : ReadOnlySpan<byte> -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As ReadOnlySpan(Of Byte))

Parameters

rawData
ReadOnlySpan<Byte>

The certificate data to process.

Attributes

Exceptions

An error with the certificate occurs.

Applies to

X509Certificate2(IntPtr)

Initializes a new instance of the X509Certificate2 class using an unmanaged handle.

public:
 X509Certificate2(IntPtr handle);
public X509Certificate2 (IntPtr handle);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (IntPtr handle);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : nativeint -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : nativeint -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (handle As IntPtr)

Parameters

handle
IntPtr

nativeint

A pointer to a certificate context in unmanaged code. The C structure is called PCCERT_CONTEXT.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using a handle for the Microsoft Cryptographic API certificate context, PCCERT_CONTEXT. Note that the immediate caller of this constructor requires unmanaged code permission.

Important

The constructor creates a copy of the certificate context. Do not assume that the context structure you passed to the constructor is valid; it may have been released. You can get a copy of the current PCCERT_CONTEXT structure from the Handle property, but it is valid only during the lifetime of the X509Certificate2 object.

Applies to

X509Certificate2(Byte[])

Initializes a new instance of the X509Certificate2 class using information from a byte array.

public:
 X509Certificate2(cli::array <System::Byte> ^ rawData);
public X509Certificate2 (byte[] rawData);
[System.Runtime.Versioning.UnsupportedOSPlatform("browser")]
public X509Certificate2 (byte[] rawData);
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
[<System.Runtime.Versioning.UnsupportedOSPlatform("browser")>]
new System.Security.Cryptography.X509Certificates.X509Certificate2 : byte[] -> System.Security.Cryptography.X509Certificates.X509Certificate2
Public Sub New (rawData As Byte())

Parameters

rawData
Byte[]

A byte array containing data from an X.509 certificate.

Attributes

Exceptions

An error with the certificate occurs. For example:

  • The certificate file does not exist.

  • The certificate is invalid.

  • The certificate's password is incorrect.

Remarks

This constructor creates a new X509Certificate2 object using certificate information from a byte array. The byte array can be binary (DER) encoded or Base64-encoded X.509 data. The byte array can also be a PKCS7 (Authenticode) signed file; the signer certificate is used to create the object.

If you create an X509Certificate2 certificate by specifying a PKCS7 signed file store for rawData, the X509Certificate2 is created for the certificate that signed the store rather than for any of the certificates within the store.

Applies to