Class CertificateValidation
PUBLIC API
Factory methods for common certificate validation scenarios.
Helpers return delegates that can be composed or used standalone.
Each helper creates a CertificateValidationCallback that can be passed to DotNettySslSetup.
Inheritance
CertificateValidation
Assembly: Akka.Remote.dll
Syntax
public static class CertificateValidation
Methods
ChainPlusThen(Func<X509Certificate2?, X509Chain?, string, bool>, ILoggingAdapter?)
Chain validator with optional custom validation.
Validates certificate chain, then calls optional custom logic.
Declaration
public static CertificateValidationCallback ChainPlusThen(Func<X509Certificate2?, X509Chain?, string, bool> customCheck, ILoggingAdapter? log = null)
Parameters
Returns
Combine(params CertificateValidationCallback[])
Compose multiple validation callbacks into a single callback.
All validators must pass for certificate to be accepted.
Use for: Combining multiple validation strategies.
Declaration
public static CertificateValidationCallback Combine(params CertificateValidationCallback[] validators)
Parameters
Returns
PinnedCertificate(params string[])
Pin certificate by thumbprint. Only accept certs matching allowed list.
Use for: High-security scenarios, known peer certificates.
Best combined with: Certificate revocation checking.
Declaration
public static CertificateValidationCallback PinnedCertificate(params string[] allowedThumbprints)
Parameters
| Type | Name | Description |
|---|---|---|
| string[] | allowedThumbprints | |
Returns
ValidateChain(ILoggingAdapter?)
Validate certificate chain against system CA store.
Use for: CA-signed certificates in production.
Declaration
public static CertificateValidationCallback ValidateChain(ILoggingAdapter? log = null)
Parameters
Returns
ValidateHostname(string?, ILoggingAdapter?)
Validate certificate hostname (CN/SAN) matches expected hostname.
Use for: Per-node certificates, FQDN-based identity.
Applies bidirectionally on both client and server.
Declaration
public static CertificateValidationCallback ValidateHostname(string? expectedHostname = null, ILoggingAdapter? log = null)
Parameters
Returns
ValidateIssuer(string, ILoggingAdapter?)
Validate certificate issuer matches expected DN pattern.
Use for: Verifying certificate came from trusted CA.
Declaration
public static CertificateValidationCallback ValidateIssuer(string expectedIssuerPattern, ILoggingAdapter? log = null)
Parameters
Returns
ValidateSubject(string, ILoggingAdapter?)
Validate certificate subject DN matches expected pattern.
Use for: Organizational CA, issuer-based identity verification.
Supports wildcards: "CN=Akka-Node-*" matches "CN=Akka-Node-001"
Declaration
public static CertificateValidationCallback ValidateSubject(string expectedSubjectPattern, ILoggingAdapter? log = null)
Parameters
Returns
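A composed policy built from the helpers documented on this page (`Combine`, `ChainPlusThen`, `PinnedCertificate`, `ValidateSubject`), as an added example that is not taken from the Akka.NET documentation or source. The `Akka.Remote.Transport.DotNetty` namespace, the `RemotingTlsPolicy` class, the thumbprint values and the meaning given to the custom check's string argument are assumptions.

```csharp
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Akka.Remote.Transport.DotNetty; // assumed namespace; the page names only Akka.Remote.dll

public static class RemotingTlsPolicy // hypothetical helper class
{
    // Constructed placeholder thumbprints; replace with the real peer certificates' values.
    private static readonly string[] AllowedPeers =
    {
        "0000000000000000000000000000000000000000",
        "1111111111111111111111111111111111111111"
    };

    // Custom check handed to ChainPlusThen, which the page says runs after chain validation.
    // The page does not name the string argument; it is assumed to identify the peer and is unused.
    private static bool HasStrongKeyAndTlsEku(X509Certificate2? cert, X509Chain? chain, string peer)
    {
        if (cert is null) return false; // fail closed when no certificate was presented

        // Minimum key size: RSA >= 2048 bits or ECDSA >= 256 bits.
        using var rsa = cert.GetRSAPublicKey();
        using var ecdsa = cert.GetECDsaPublicKey();
        bool strongKey = (rsa?.KeySize ?? 0) >= 2048 || (ecdsa?.KeySize ?? 0) >= 256;

        // If an EKU extension is present, it must allow TLS server or client authentication.
        var ekus = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .SelectMany(e => e.EnhancedKeyUsages.Cast<Oid>())
            .Select(o => o.Value)
            .ToList();
        bool ekuOk = ekus.Count == 0
            || ekus.Contains("1.3.6.1.5.5.7.3.1")   // id-kp-serverAuth
            || ekus.Contains("1.3.6.1.5.5.7.3.2");  // id-kp-clientAuth

        return strongKey && ekuOk;
    }

    // All three validators must pass, per the Combine description above.
    public static CertificateValidationCallback Build() =>
        CertificateValidation.Combine(
            CertificateValidation.ChainPlusThen(HasStrongKeyAndTlsEku),
            CertificateValidation.PinnedCertificate(AllowedPeers),
            CertificateValidation.ValidateSubject("CN=Akka-Node-*"));
}
```

The callback returned by `Build()` is the value the class summary says can be passed to `DotNettySslSetup`.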