Register an issuer (CA) certificate so that certificates signed by this CA can be validated.
the issuer certificate (DER)
Optionalvalidate: booleanwhether to validate the issuer cert itself (default: true)
OptionaladdInTrustList: booleanalso add to the trusted list
Register a Certificate Revocation List so that revoked certificates can be detected during validation.
the CRL (DER-encoded)
Optionaltarget: "issuers" | "trusted"which folder/set to store the CRL in
Check a peer certificate against the trust store.
Returns StatusCodes.Good if trusted,
StatusCodes.BadCertificateUntrusted if unknown/rejected,
or another StatusCode for validation failures.
Dispose of the store, releasing resources (watchers,
handles). Only actually releases when
referenceCounter reaches zero.
Check whether a certificate is currently trusted.
Initialize the store (create dirs, load state).
Move a certificate to the rejected store. If previously trusted, it will be removed from the trusted set.
Move a certificate to the trusted store. If previously rejected, it will be removed from the rejected set.
Verify a certificate against the store.
Returns a string status: "Good", "BadCertificateUntrusted",
"BadCertificateTimeInvalid", etc.
Optionaloptions: { acceptOutdatedCertificate?: boolean }
Shared ownership counter.
Multiple clients/servers may share the same store.
dispose()only releases resources when the counter reaches zero — preventing premature cleanup.