For a project I created my own CA root certificate, with two certificates. Apparently it is not possible to add your own CA to the X509Chain.ChainPolicy.ExtraStore, so I was forced to traverse through the chain and check the root certificate manually. (The "Self-signed certificates with untrusted root are valid" default in this
MSDN example is not really secure.)
Because it was very difficult for me to find code examples I was wondering for an audit. This is my ValidateServerCertificate method.
Is this secure?
ps. took me like 6 times to get this question right.. where are the code tags? Why cant I upload .cs files? What is it with these .ASPX websites never working at all? The MSDN website did not even allow me to post the question because of an "unknown error".