Re: CRL list
From: Shawn Corey [MSFT] (shawncor_at_online.microsoft.com)
Date: 02/09/04
Date: Mon, 9 Feb 2004 13:18:39 -0800
If the certificate or any certificate from the same issuing CA was
previously verified on the machine then CAPI probably cached the CRL locally
to avoid having to download it again. This cert will continue to verify,
even with the box unplugged, till the CRL expires. If you want to verify
this, set the system clock to past the expire date for the CRL, 1 year
usually does the trick, and the Verify should fail. If you are using
makecert or some other util to make the certs, then they probably don't have
CDPs so the only check is that the root is trusted and that the signatures
of the certs are valid.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"bob biris" <bobbiris@hotmail.com> wrote in message
news:ce8efab7.0402090628.60550ce5@posting.google.com...
> Shawn
>
> I used the oSign.verify(s, True,
> CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE) and to be sure that it was
> doing an online checking I unplugged my machine.
>
> I ran the code again and .... it still verified!
>
> Am I missing something?
>
> Thanks
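
The two conditions described in the reply above (a locally cached CRL, and certificates issued without a CDP) can be checked directly instead of moving the system clock. This is an added example, not part of the original post; it uses .NET's X509Chain rather than CAPICOM, and the path `.\signer.cer` and the helper name `Test-Chain` are assumptions.

```powershell
# Added example. $CertPath is a hypothetical path to the signer's exported certificate.
param([string]$CertPath = '.\signer.cer')

$full = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

# 1. Does the certificate carry a CRL Distribution Points extension (OID 2.5.29.31)?
#    Without one there is no URL from which a CRL could be fetched for this certificate.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) {
    'CDP extension present:'
    $cdp.Format($true)
} else {
    'No CDP extension on this certificate.'
}

# 2. List the CRLs currently held in the CryptoAPI URL cache for this user.
#    "certutil -urlcache crl delete" empties that cache.
certutil -urlcache crl

# 3. Build the chain twice. Offline mode may only use cached revocation data;
#    Online mode is allowed to download, but also accepts a cached CRL that is still current.
function Test-Chain($Certificate, $Mode) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = $Mode
    $ok = $chain.Build($Certificate)
    $flags = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $flags) { $flags = 'NoError' }
    '{0,-8} valid={1} status={2}' -f $Mode, $ok, $flags
}

Test-Chain $cert 'Offline'
Test-Chain $cert 'Online'
```

If the Offline run reports no RevocationStatusUnknown or OfflineRevocation flag, the revocation answer came from a cached CRL, which is why unplugging the machine does not change the result.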