OcspResponderRevocationConfigurationGetSigningCertificateCandidates Method

Gets a collection of OCSP signing certificate candidates for current CA configuration.

This method searches certificates installed in 'LocalMachine\My' ('Local Machine\Personal'). Certificates stored in other places or other accounts (such as Network Service account) are not shown.


Namespace: SysadminsLV.PKI.Management.CertificateServices
Assembly: SysadminsLV.PKI.Win (in SysadminsLV.PKI.Win.dll) Version: (
public X509Certificate2Collection GetSigningCertificateCandidates()

Return Value

A collection of OCSP signing certificate candidates.


Each signing certificate has the following properties:
  • Signed by the CA specified in this revocation configuration object.
  • Includes the Online Certificate Status Protocol signing (id-kp-OCSPSigning) enhanced key usage
  • Has not expired.
  • Responder server can access the certificate private key

See Also