Re: How to verify CA for a X.509 certificate

From: Bas van Atteveldt (
Date: 06/12/04

Date: Sat, 12 Jun 2004 12:25:12 +0200

It helps a little. I had already found that article but it is an awfull lot
of work using almost exclusively unmanaged calls. More importantly, if I
read it correctly, it only checks if the issuer name exists in a store; this
is not secure as the issuer name can be forged quite easily. It should check
if the public key of the issuer (or the issuer's issuer, etc.) is in the
store. I believe that code like this can also be done managed using the WSE
(web services enhancements) from microsoft.


"Michel Gallant" <> wrote in message
> Note sure is this helps:
> - Mitch Gallant
> MVP Security