Re: What does CERT_TRUST_IS_OFFLINE_REVOCATION mean? (Windows Server 2003)

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 09/30/03

• Next message: Tak: "Re: How can I add signature to already PKCS7 signed message under Window 98, NT ?"
• Previous message: David Cross [MS]: "Re: AT_SIGNATURE"
• Maybe in reply to: Sergio Dutra [MS]: "Re: What does CERT_TRUST_IS_OFFLINE_REVOCATION mean? (Windows Server 2003)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 30 Sep 2003 05:29:24 -0700

offline usually means the revocation information is not available, the CDP location is not accessible, etc. Your application should handle this error as appropriate. If you do cache only retrieval, this means that the CryptoAPI engine must have retrieved the objects for intermediate certs and CRLs previously. Otherwise it will always return an error.

CRLS: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/WinXPPro/support/tshtcrl.asp

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
  "Sam Wilson" <sam.wilson@bentley.com> wrote in message news:%23DYtffrhDHA.1932@TK2MSFTNGP11.phx.gbl...
  Starting with Windows Server 2003, I am starting to see a new status flag returned by CertGetCertificateChain. It is:
      CERT_TRUST_IS_OFFLINE_REVOCATION
  a) What does this mean and how can I get rid of it?  I call CertGetCertificateChain with the following flags: CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT|CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
  b) When my user installs the CA who issued the cert as a Trusted Root, this status flag is no longer returned. Why? 
  Thanks for any insights into this problem.
  -------------------------------------------------
  Samuel W. Wilson   Bentley Systems, Inc.
  sam.wilson@bentley.com      www.bentley.com

---

• Next message: Tak: "Re: How can I add signature to already PKCS7 signed message under Window 98, NT ?"
• Previous message: David Cross [MS]: "Re: AT_SIGNATURE"
• Maybe in reply to: Sergio Dutra [MS]: "Re: What does CERT_TRUST_IS_OFFLINE_REVOCATION mean? (Windows Server 2003)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Install Windows Patch via GPO ... This posting is provided "AS IS" with no warranties, and confers no rights. ... (microsoft.public.windows.group_policy) Re: Trust windows 2k to windows 2k3 ... This posting is provided "AS-IS" with no warranties or guarantees and ... confers no rights. ... only reply to Newsgroups ... (microsoft.public.windows.server.active_directory) Re: Trust windows 2k to windows 2k3 ... This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. ... only reply to Newsgroups ... (microsoft.public.windows.server.active_directory) Re: Installing a 360 Media Center Extender ... This posting is provided "AS IS" with no warranties, and confers no rights. ... (microsoft.public.windows.mediacenter) Re: Trust windows 2k to windows 2k3 ... This posting is provided "AS IS" with no warranties, and confers no rights. ... only reply to Newsgroups ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2003-09