dotnet · dotnet-policy-service · Nov 1, 2024 · Oct 31, 2024
diff --git a/xml/System.Security.Cryptography.X509Certificates/X509Certificate2.xml b/xml/System.Security.Cryptography.X509Certificates/X509Certificate2.xml
@@ -225,7 +225,7 @@
           <format type="text/markdown"><![CDATA[  
   
 ## Remarks  
- This constructor creates a new <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object using certificate information from a byte array. The byte array can be binary (DER) encoded or Base64-encoded X.509 data. The byte array can also be a PKCS7 (Authenticode) signed file; the signer certificate is used to create the object.  
+ This constructor creates a new <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object using certificate information from a byte array. The byte array can be binary (DER) encoded or PEM-encoded X.509 data. The byte array can also be a PKCS7 (Authenticode) signed file; the signer certificate is used to create the object.  
   
  If you create an <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> certificate by specifying a PKCS7 signed file store for `rawData`, the <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> is created for the certificate that signed the store rather than for any of the certificates within the store.  
   
@@ -466,7 +466,7 @@
           <format type="text/markdown"><![CDATA[  
   
 ## Remarks  
- This constructor creates a new <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object using a certificate file name. It supports binary (DER) encoding or Base64 encoding.  
+ This constructor creates a new <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object using a certificate file name. It supports binary (DER) encoding or PEM encoding.  
   
  If you create an <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> certificate by specifying a PKCS7 signed file store for `fileName`, the <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> is created for the certificate that signed the store rather than for any of the certificates within the store.  
   
@@ -2427,7 +2427,7 @@ The certificate is encoded according to the IETF RFC 7468 "strict"
 ## Remarks  
  This method can be used to take a raw byte array of an X.509 certificate and populate the <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object with its associated values.  
   
- Since this method accepts only a byte array, it can be used only for certificate types that do not require a password, including a Base64-encoded or DER-encoded X.509 certificate or a PFX/PKCS12 certificate. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
+ Since this method accepts only a byte array, it can be used only for certificate types that do not require a password, including a PEM-encoded or DER-encoded X.509 certificate or a PFX/PKCS12 certificate. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
   
  ]]></format>
         </remarks>
@@ -2491,7 +2491,7 @@ The certificate is encoded according to the IETF RFC 7468 "strict"
 ## Remarks  
  This method uses a certificate file, such as a file with a .cer extension, that represents an X.509 certificate and populates the <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object with the certificate the file contains.  
   
- This method can be used with several certificate types, including Base64-encoded or DER-encoded X.509 certificates, PFX/PKCS12 certificates, and signer certificates such as Authenticode. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
+ This method can be used with several certificate types, including PEM-encoded or DER-encoded X.509 certificates, PFX/PKCS12 certificates, and signer certificates such as Authenticode. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
   
  ]]></format>
         </remarks>
@@ -2569,7 +2569,7 @@ The certificate is encoded according to the IETF RFC 7468 "strict"
           <format type="text/markdown"><![CDATA[  
   
 ## Remarks  
- You can use this method for certificate types such as Base64-encoded or DER-encoded X.509 certificates, or PFX/PKCS12 certificates. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
+ You can use this method for certificate types such as PEM-encoded or DER-encoded X.509 certificates, or PFX/PKCS12 certificates. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
   
 > [!IMPORTANT]
 >  Never hard code a password within your source code.  Hard-coded passwords can be retrieved from an assembly using the [Ildasm.exe (IL Disassembler)](/dotnet/framework/tools/ildasm-exe-il-disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.  
@@ -2648,7 +2648,7 @@ The certificate is encoded according to the IETF RFC 7468 "strict"
 ## Remarks  
  This method can be used to populate an <xref:System.Security.Cryptography.X509Certificates.X509Certificate2> object using a password for the certificate represented by the byte array. The <xref:System.Security.Cryptography.X509Certificates.X509KeyStorageFlags> value can be used to control where and how to import the private key.  
   
- This method accepts a byte array and can be used for certificate types such as Base64-encoded or DER-encoded X.509 certificates or PFX/PKCS12 certificates. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
+ This method accepts a byte array and can be used for certificate types such as PEM-encoded or DER-encoded X.509 certificates or PFX/PKCS12 certificates. Note that a PFX/PKCS12 certificate can contain more than one certificate. In that case, the first certificate associated with a private key is used or, if no private key is found, the first certificate is used.  
   
 > [!IMPORTANT]
 >  Never hard code a password within your source code.  Hard-coded passwords can be retrieved from an assembly using the [Ildasm.exe (IL Disassembler)](/dotnet/framework/tools/ildasm-exe-il-disassembler), a hex editor, or by simply opening up the assembly in a text editor such as Notepad.exe.