如何获得数字证书X509Certificate2的名称

Question

I'm working with digital certificates X509Certificate2 in C# and I'm having problems to find the certificate's name without it having a friendly name.

My software builds a combobox with all the certificates present in the client computer.

In my cenario, one of my clients cannot configure a friendly name manually for the certificate, so I manage to get the name from the SubjectName (breaking the string and get the one that starts with "CN=").

But with some certificates, this method does not work well and I wish to know if there is a more elegant way to get the friendly name if it exists, if not, then get the real certificate's name.

Also I wish to get a list of valid certificates from the store, excluding the root ones that is not used for digital signatures.

Answer 1

In order to load only the certificates for perform digital signature (avoiding CA's and certificates with only public part) you can use:

X509Store store = new X509Store("My");

Specifying "My" you load only: The X.509 certificate store for personal certificates.

You can see all options here , also it's possible to use StoreLocation.CurrentUser , however I think "My" is what you are looking for.

About the certificate name you can use X509Certificate2 properties:

if FriendlyName property is null or empty you can use SubjectName property. In the case which both properties doesn't work, you has a last chance with SerialNumber property, SerialNumber is not user friendly to identify certificate, however for the certificate issuer SerialNumber must be unique so you can identify the certificate with this property.

Hope this helps,