'Re: CertGetCertificateChain Revocation status unknown'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: CertGetCertificateChain Revocation status unknown
From:       "Ramkumar. R" <ramkumar_r () ATC ! TCS ! CO ! IN>
Date:       2003-06-12 4:19:31
[Download RAW message or body]

Actually it is downloading the crl in the temperory internet files folder.
Intermediate CA has a crl on HTTP. The root has the crl on LDAP.
It is downloading the crl of intermediateCA. Enenthough I am keeping
CERT_CHAIN_REVOCATION_CHECK_END_CERT to verify only end user cert
(for which CRL is available on HTTP) it is giving Revocation status unknown.

If I install the CRL on my machine then it is working fine.

Ramkumar
----- Original Message -----
From: "Ryan M. Hurst" <rmh@WINDOWS.MICROSOFT.COM>
To: <CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent: Wednesday, June 11, 2003 8:57 PM
Subject: Re: CertGetCertificateChain Revocation status unknown


> See the MSDN "whitepaper troubleshooting certificate status and
revocation", my guess is that your certificates do not contain a CDP or the
CDP is not reachable.
>
> Ryan
>
>
>
> From: Ramkumar. R
> Sent: Tue 6/10/2003 9:04 PM
> To: CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject: CertGetCertificateChain Revocation status unknown
>
>
> Hi,
>
> I am using CertGetCertificateChain to verify the revocation status and
validity of a certificate.
> I have specified CERT_CHAIN_REVOCATION_CHECK_END_CERT flag since I have to
verify the
> revocation status of end user certificate only. But if I am not installing
the latest CRL I am always getting
> CERT_TRUST_REVOCATION_STATUS_UNKNOWN. If I install the CRL then it is
working fine.
>
> A CRL distribution point is specified in the certificate. But I think the
function is not fetching the CRL online.
> My machine is Win2K and is behind a proxy server and a firewall.
>
> Any help is appreciated.
>
> Thanks
> Ramkumar. R
>
> ----------------------------------------------------------------
> Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
> contains important info. Save time, search the archives at
> http://discuss.microsoft.com/archives/index.html .
> To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
>
> ----------------------------------------------------------------
> Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
> contains important info. Save time, search the archives at
> http://discuss.microsoft.com/archives/index.html .
> To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic