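/// <summary>
/// Selects the <see cref="X509CertificateValidator"/> that matches a configured
/// <see cref="X509CertificateValidationMode"/>, in the same way the WCF certificate
/// configuration does.
/// </summary>
/// <remarks>
/// The chosen mode decides how much trust a presented certificate has to earn:
/// <see cref="X509CertificateValidationMode.None"/> yields a validator that performs no
/// checks at all, and a revocation mode of <see cref="X509RevocationMode.NoCheck"/> means
/// revoked certificates are still accepted by the chain-based modes. Both should be a
/// deliberate, reviewed choice rather than a default.
/// </remarks>
public class X509CertificateValidation
{
    // The original listing assigned these fields without declaring them.
    private readonly X509CertificateValidationMode certificateValidationMode;
    private readonly X509RevocationMode revocationMode;
    private readonly StoreLocation trustedStoreLocation;
    private readonly X509CertificateValidator customCertificateValidator;

    /// <summary>
    /// Captures the validation settings used later by <see cref="GetCertificateValidator"/>.
    /// </summary>
    /// <param name="certificateValidationMode">How the certificate is to be validated.</param>
    /// <param name="revocationMode">Revocation checking applied when a chain is built.</param>
    /// <param name="trustedStoreLocation">
    /// Store location used for chain building; <see cref="StoreLocation.LocalMachine"/>
    /// selects the machine context.
    /// </param>
    /// <param name="customCertificateValidator">
    /// Validator returned for <see cref="X509CertificateValidationMode.Custom"/>. May be
    /// null for the other modes.
    /// </param>
    public X509CertificateValidation(
        X509CertificateValidationMode certificateValidationMode,
        X509RevocationMode revocationMode,
        StoreLocation trustedStoreLocation,
        X509CertificateValidator customCertificateValidator)
    {
        this.certificateValidationMode = certificateValidationMode;
        this.revocationMode = revocationMode;
        this.trustedStoreLocation = trustedStoreLocation;
        // You can supply your own custom validator, as in the WCF configuration.
        this.customCertificateValidator = customCertificateValidator;
    }

    /// <summary>
    /// Returns the validator that corresponds to the configured validation mode.
    /// </summary>
    /// <returns>A non-null <see cref="X509CertificateValidator"/>.</returns>
    /// <exception cref="InvalidOperationException">
    /// The mode is <see cref="X509CertificateValidationMode.Custom"/> but no custom
    /// validator was supplied, or the mode is not one of the known values.
    /// </exception>
    public X509CertificateValidator GetCertificateValidator()
    {
        X509CertificateValidator validator = null;
        switch (this.certificateValidationMode)
        {
            case X509CertificateValidationMode.None:
                // No validation is performed in this mode; any certificate is accepted.
                validator = X509CertificateValidator.None;
                break;
            case X509CertificateValidationMode.PeerTrust:
                validator = X509CertificateValidator.PeerTrust;
                break;
            case X509CertificateValidationMode.Custom:
                // May be null; the check after the switch rejects that case.
                validator = this.customCertificateValidator;
                break;
            case X509CertificateValidationMode.ChainTrust:
            case X509CertificateValidationMode.PeerOrChainTrust:
            {
                // PeerOrChainTrust previously had no case label, so the else branch below
                // was unreachable and that mode ended in the "missing validator" exception.
                bool useMachineContext =
                    this.trustedStoreLocation == StoreLocation.LocalMachine;
                X509ChainPolicy chainPolicy = new X509ChainPolicy();
                chainPolicy.RevocationMode = this.revocationMode;
                if (this.certificateValidationMode ==
                    X509CertificateValidationMode.ChainTrust)
                {
                    validator = X509CertificateValidator.
                        CreateChainTrustValidator(useMachineContext, chainPolicy);
                }
                else
                {
                    validator = X509CertificateValidator.
                        CreatePeerOrChainTrustValidator(useMachineContext, chainPolicy);
                }
                break;
            }
        }
        if (validator == null)
        {
            // Fail closed: never hand back a null validator to the caller.
            throw new InvalidOperationException("MissingCertificateValidator");
        }
        return validator;
    }
}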