
Do we always need the root certificate installed on the machine?

Updated: 2023-11-19 20:41:34

I tried a few things and here are the observations:

  1. First of all, X509Certificate2.Verify() does not check if all the certificates in the chain are revoked. From this post I came to know that the Verify method internally uses the Crypt32 CertVerifyCertificateChainPolicy function. The documentation for it says that it does not perform certificate revocation checking. In short, the Verify method just checks if the certificate for which it's called is revoked or not.

Regarding the root certificate:

  • If you are using X509Certificate2.Verify() and the root cert is absent, then the method will outrightly return false. So with this method the root certificate is absolutely required.
  • If you are using X509Chain to build the trust chain, then you can decide whether to exclude root certificate revocation or whether to go online/offline to verify the revocation status of the certificates.
  • However, whether you go online or not, or whether you exclude the root certificate or not, you get the PartialChain value in the ChainStatus if the root certificate is missing. So to build the full trust chain, you need the root certificate on your machine.

Hope this helps someone who wants to know a little more about certificate validation in C#.
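The following is an added example (not code from the answer above) showing the X509Chain approach the answer describes: it builds the chain with a chosen revocation mode and root-exclusion setting, then inspects ChainStatus for PartialChain to distinguish "root not installed" from a revocation problem. The certificate file path `leaf.cer` is a placeholder assumption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ChainCheck
{
    // Builds the trust chain for `leaf` and reports every ChainStatus entry.
    // `online` selects X509RevocationMode.Online vs Offline; `excludeRoot`
    // selects X509RevocationFlag.ExcludeRoot vs EntireChain.
    // Returns true only when X509Chain.Build succeeds with no status errors.
    public static bool ValidateChain(X509Certificate2 leaf, bool online, bool excludeRoot)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode =
            online ? X509RevocationMode.Online : X509RevocationMode.Offline;
        chain.ChainPolicy.RevocationFlag =
            excludeRoot ? X509RevocationFlag.ExcludeRoot : X509RevocationFlag.EntireChain;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool ok = chain.Build(leaf);

        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine($"{status.Status}: {status.StatusInformation}");

        // PartialChain is reported regardless of the revocation settings when the
        // issuing root is not in the machine's trust store, so treat it separately
        // from revocation failures (Revoked, RevocationStatusUnknown, OfflineRevocation).
        bool rootMissing = chain.ChainStatus.Any(
            s => s.Status.HasFlag(X509ChainStatusFlags.PartialChain));
        if (rootMissing)
            Console.WriteLine("Root certificate is not installed; the chain cannot be completed.");

        // Per-element view: shows which certificate in the chain carries which status.
        foreach (X509ChainElement element in chain.ChainElements)
            Console.WriteLine($"{element.Certificate.Subject}: " +
                string.Join(", ", element.ChainElementStatus.Select(s => s.Status)));

        return ok;
    }

    static void Main()
    {
        // Placeholder path; replace with the leaf certificate under test.
        using var leaf = new X509Certificate2("leaf.cer");

        // Contrast with Verify(): returns false outright when the root is absent,
        // and does not check revocation of intermediates.
        Console.WriteLine($"Verify(): {leaf.Verify()}");
        Console.WriteLine($"X509Chain (offline, exclude root): " +
            ValidateChain(leaf, online: false, excludeRoot: true));
    }
}
```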