Discuss this help topic in SecureBlackbox Forum


TElX509CertificateValidator     See also     

Filter: C#  VB.NET  Pascal  C++  PHP  Java  

Use this method to check validity of certificates.


    void Validate(TElX509Certificate $Certificate, TElCustomCertStorage $AdditionalCertificates, bool $CompleteChainValidation, DateTime $ValidityMoment, integer &$Validity, integer &$Reason)
    void Validate(TElX509Certificate $Certificate, integer &$Validity, integer &$Reason)

    void validate(TElX509Certificate Certificate, TElCustomCertStorage AdditionalCertificates, boolean CompleteChainValidation, Date ValidityMoment, TElX509CertificateValidatorResult Res);
    void validate(TElX509Certificate Certificate, TElX509CertificateValidatorResult Res);


  • Certificate - Certificate to be validated.
  • AdditionalCertificates - Additional certificates that might be known.
  • CompleteChainValidation - Specifies whether to check issuer (CA) certificates when the certificate is invalid.
  • ValidityMoment - Specifies the time when the certificate must be valid (i.e. the moment of e-mail creation or sending or receipt).
  • Validity - On return contains validity status of the certificate.
  • Reason - On return contains validity status reasons of the certificate.
  • Res -

Validity values

Validity reasons


     Use one of Validate methods to validate the certificate and it's issuer (CA) certificates. You need to pass the end-entity certificate only - CA certificates will be retrieved via Certificate's Chain property. If the chain is not available, you can pass CA certificates via AdditionalCertificates parameter or using AddKnownCertificates() method.

     On return Validity contains the result of certificate validation. If the last certificate in the chain was self-signed (as it usually should be, because the chain is built up to the self-signed root certificate), Validity can be cvSelfSigned, if the topmost certificate was not found in the list of trusted certificates, or cvOk if the topmost certificate is trusted.

     When CompleteChainValidation = true and the certificate is found to be not valid, certificate validation continues, i.e. issuer (CA) certificates are validated as well. This lets you create validation report which should include all certificates in the chain. When CompleteChainValidation = false and the certificate is not valid, further validation is not performed and Validate() method returns immediately.

     Since version 13 ResetCertificateCache parameter has been replaced with ResetCertificateCache class method.

See also:     ResetCertificateCache     ValidateForSMIME     ValidateForSSL     ValidateForTimestamping    

Discuss this help topic in SecureBlackbox Forum