Re: CertIsValidCRLForCertificate

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 03/12/04


Date: Fri, 12 Mar 2004 10:00:36 -0800

Does your CRL has an IDP extension? If not, then it will return true.

This function doesn't check if the signer of the CRL is same as the issuer
of the Certificate. Is this what you are trying to verify? If so, you should
use CryptVerifyCertificateSignatureEx function.

Thanks,
Vishal[MSFT]

-- 
This posting is provided "AS IS" with no warranties, and confers no rights
"Juergen Ludyga" <juergen.ludyga@mentana_nospam_.de> wrote in message
news:%23w3ewQDCEHA.2060@TK2MSFTNGP12.phx.gbl...
> Hallo,
>
> I've to use this function, but it doesn't matter which CERT_CONTEXT and
> which CRL_CONTEXT I try, it'll alway return TRUE.
>
> <getting Cert from MY-Store, loading CRL from LDAP>
> BOOL bCert;
>
>
bCert=CertIsValidCRLForCertificate(pSignerCertFromSignature,pCRLContext,0,NU
> LL);
>
> bCert  ist allways TRUE!!!
>
> The certificate is ok, and the CRL Context also .
>
> Juergen
>
> ---
> If want to answer me, just remove _nospam_ .
>
>


Relevant Pages

  • Re: Thawte Digital Certificate Revocation List Issue
    ... > I am new to digital certificates and cannot get the Thawte certificate ... It's been awhile since I played with the Thawte certificates. ... Microsoft requires the cert ... CRL so Outlook doesn't know where to get ...
    (microsoft.public.security)
  • Re: Newbie wants to learn about PKI Server 2003......
    ... 2003 PKI Certificate Security", and have been lurking here for a bit. ... We will implement a 2 tier heirarchy, with the Root CA being offline. ... All clients that attempt revocation checking will first attempt to retrieve the CRL from the ... level below a self-signed cert, so applications that are 3280 compliant would never check the ...
    (microsoft.public.windows.server.security)
  • Re: revoking ipsec certificate doesnt work
    ... It's possible to publish manually the update delta and full CRL using the CA ... MMC SnapIn on the Server. ... my test VPN client never checks if the ... Server 2003 SP1 without any problem after the certificate is revoked nearly ...
    (microsoft.public.windows.server.security)
  • Help PKI installation - lots of questions !
    ... One STAND ALONE ROOT CA called SACAMX00 (SA stand for Stand Alone, ... AMERICAS Sub & CA ASIA Sub ... Client use this to find Delta CRL ... publish my CRL again even if no certificate are revoked? ...
    (microsoft.public.security)
  • Re: Help PKI installation - lots of questions !
    ... One STAND ALONE ROOT CA called SACAMX00 (SA stand for Stand Alone, ... AMERICAS Sub & CA ASIA Sub ... Client use this to find Delta CRL ... publish my CRL again even if no certificate are revoked? ...
    (microsoft.public.security)