diff --git a/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs b/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs
index 72c52775ad..3db329c81e 100644
--- a/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs
+++ b/Stack/Opc.Ua.Core/Security/Certificates/CertificateValidator.cs
@@ -270,6 +270,10 @@ public virtual void Validate(X509Certificate2Collection chain)
default:
{
+ // write the invalid certificate to rejected store if specified.
+ Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' rejected. Reason={1}", certificate.Subject, (StatusCode)se.StatusCode);
+ SaveCertificate(certificate);
+
throw new ServiceResultException(se, StatusCodes.BadCertificateInvalid);
}
}
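Review bot: The added `SaveCertificate(certificate)` in the `default:` branch means any certificate that fails with an otherwise unhandled status now triggers a write to the rejected store, and nothing visible in this diff bounds how many entries that store may hold. The certificate is presented by a peer that has not been authenticated yet, so a stream of distinct invalid certificates could grow the store's backing storage without limit. Consider enforcing a maximum entry count, or evicting the oldest entries, before `store.Add(certificate)`. At minimum, record the constraint next to the call, e.g. `// rejected store is written on peer-controlled input; its growth must be bounded by configuration or cleanup`. Validate's body starts and ends outside this hunk, so an existing limit elsewhere in the file cannot be ruled out.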
@@ -290,17 +294,9 @@ public virtual void Validate(X509Certificate2Collection chain)
// throw if rejected.
if (!accept)
{
- // write the invalid certificate to a directory if specified.
- lock (m_lock)
- {
- Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' rejected. Reason={1}", certificate.Subject, (StatusCode)se.StatusCode);
-
- if (m_rejectedCertificateStore != null)
- {
- Utils.Trace((int)Utils.TraceMasks.Error, "Writing rejected certificate to directory: {0}", m_rejectedCertificateStore);
- SaveCertificate(certificate);
- }
- }
+ // write the invalid certificate to rejected store if specified.
+ Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' rejected. Reason={1}", certificate.Subject, (StatusCode)se.StatusCode);
+ SaveCertificate(certificate);
throw new ServiceResultException(se, StatusCodes.BadCertificateInvalid);
}
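Review bot: The trace at the `!accept` site identifies the rejected certificate only by `certificate.Subject`, which is set by whoever created the certificate and is neither unique nor trustworthy. An operator therefore cannot reliably match the log line to the stored entry, which SaveCertificate appears to key by thumbprint. Including the thumbprint would fix that: `Utils.Trace((int)Utils.TraceMasks.Error, "Certificate '{0}' [{1}] rejected. Reason={2}", certificate.Subject, certificate.Thumbprint, (StatusCode)se.StatusCode);`. The identical trace line in the `default:` branch of the first hunk needs the same change. Since the trace-and-save pair is now duplicated, a small private helper would keep both rejection paths in sync.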
@@ -314,28 +310,35 @@ public virtual void Validate(X509Certificate2Collection chain)
}
///
- /// Saves the certificate in the invalid certificate directory.
+ /// Saves the certificate in the rejected certificate store.
///
private void SaveCertificate(X509Certificate2 certificate)
{
- try
+ lock (m_lock)
{
- ICertificateStore store = m_rejectedCertificateStore.OpenStore();
-
- try
+ if (m_rejectedCertificateStore != null)
{
- store.Delete(certificate.Thumbprint);
- store.Add(certificate);
- }
- finally
- {
- store.Close();
+ Utils.Trace((int)Utils.TraceMasks.Error, "Writing rejected certificate to directory: {0}", m_rejectedCertificateStore);
+ try
+ {
+ ICertificateStore store = m_rejectedCertificateStore.OpenStore();
+
+ try
+ {
+ store.Delete(certificate.Thumbprint);
+ store.Add(certificate);
+ }
+ finally
+ {
+ store.Close();
+ }
+ }
+ catch (Exception e)
+ {
+ Utils.Trace(e, "Could not write certificate to directory: {0}", m_rejectedCertificateStore);
+ }
}
}
- catch (Exception e)
- {
- Utils.Trace(e, "Could not write certificate to directory: {0}", m_rejectedCertificateStore);
- }
}
///
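Review bot: SaveCertificate now holds `m_lock` across `OpenStore()`, `Delete`, `Add` and `Close`, and after this commit it runs on every rejection path, so each rejected certificate serializes store I/O behind the validator's lock. If `m_lock` also guards state read during normal validation (not visible in this diff), a burst of invalid certificates could delay validation of legitimate peers. Snapshotting the reference under the lock and doing the I/O outside it would avoid that: `var rejectedStore = m_rejectedCertificateStore;` inside `lock (m_lock)`, then `if (rejectedStore == null) return;` and `rejectedStore.OpenStore()` after the lock is released. If concurrent writers to the same store are a concern, a lock dedicated to the rejected store would be the alternative. The "Writing rejected certificate…" message is also emitted under the Error mask on every save, which may be louder than intended for a routine write.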