This page covers the .NET frameworkâs integration with native certificate stores.
It applies to any language that runs on .NET (e.g. C#, F#).
There are two main runtimes for .NET:
Since at least .NET 5, the official CLR has been open source and available for all major operating systems. Therefore these instructions will focus on how the official CLR works.
.NET applications that use the System.Net APIs (for example, System.Net.Http.HttpClient for HTTPS connections, and System.Net.Security.SslStream for other TLS connections) will retrieve TLS certificates from the Windows Certificate Store.
This has been the default behavior in all versions of the Windows CLR. You do not need to do anything extra to use it.
.NET applications that use the System.Net APIs will retrieve TLS certificates from the macOS Keychain.
This has been the default behavior of the macOS CLR since version 2.0.0, when it was migrated from OpenSSL to the Apple cryptography APIs (dotnet/runtime#17597). You do not need to do anything extra to use it.