/n software 3-D Secure V2 .NET Edition

Questions / Feedback?

RootCertificate Property

Contains the certificate used to verify the signature of the PARes message returned by the ACS.


public string RootCertificate { get; set; }
public byte[] RootCertificateB { get; set; }
Public Property RootCertificate As String
Public Property RootCertificateB As Byte()

Default Value



This property contains the CA signing certificate used to verify the signature of the Payer Authentication Response (PARes), stored in the AuthenticationCertificate property. This verification takes place after calling the method CheckAuthenticationResponse with the PARes packet returned from the Access Control Server (ACS).

To support multiple CA signing certificates, add all the certificates in the chain by prepending a '+' character to the Base-64 encoded certificate body. For example, the code below adds three certs to the RootCertificate property.

component.RootCertificate = "MIIC6jCCAdKgAwIBAgICAIowDQYJ..."
component.RootCertificate = "+MIIDSjCCAjKgAwIBAgIBATANBgkq..."
component.RootCertificate = "+MIIDdjCCAl6gAwIBAgIBBjANBgkq..."

If verification of the AuthenticationCertificate fails, the RootCertificate will be compared byte-by-byte to the AuthenticationCertificate. This feature allows the developer to set the RootCertificate to the exact certificate he or she expects to receive. This is useful for testing, but use this feature with caution. The RootCertificate property should always be set to a proper CA signing certificate on production systems.

Copyright (c) 2021 /n software inc. - All rights reserved.
/n software 3-D Secure V2 .NET Edition - Version 2.2 [Build 7954]