Posted by Bruno Jouhier on January 10, 2007, 12:22 pm
Hello,

I am having a problem with certificate validation. My certificate trust chain looks like the following:

My Cert -> Test Root -> Root

The X509Certificate2.Validate method returns false on "My Cert".

I investigated why with X509Chain and I found out that "Root" validates OK but "Test Root" does not. On this element, I get a RevocationStatusUnknown error, and then, of course, validation failed for "My Cert".

The "Test Root" certificate does not have any CDP (CRL Distribution Point) property ("My Cert" has a CDP but "Test Root" does not). I think that this explains why the certificate validation fails, but I don't know what to do to get the validation logic to ignore this condition. I tried various combinations of Policy.RevocationMode/RevocationFlags/VerificationFlags on the X509Chain object before calling the Build method but had no luck (Test Root is never valid).

When I look at the certificate with the certificate manager, the status is "valid", probably because this tool does a weaker verification than the .NET API. Is there a way to relax the .NET verification rules and get the same result in .NET as in the certificate manager?

I'd appreciate any help on this.

Bruno
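An added example (not code from Bruno's post) showing how to make the failing chain element visible and which X509ChainPolicy setting tolerates an intermediate CA that has no CDP; the certificate file paths are placeholders:

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ChainDiagnostics
{
    // Builds the chain for 'leaf' and prints every element's status, so the element
    // carrying RevocationStatusUnknown ("Test Root" here) is visible.
    // relaxRevocation=true switches to a policy that tolerates a CA without a CDP.
    public static bool Inspect(X509Certificate2 leaf,
                               X509Certificate2Collection cas,
                               bool relaxRevocation)
    {
        X509Chain chain = new X509Chain();
        // Let the path builder find "Test Root" and "Root" even if not in the Windows stores.
        chain.ChainPolicy.ExtraStore.AddRange(cas);
        if (relaxRevocation)
        {
            // Keep online checking where a CRL exists, but accept an *unknown* status on
            // CA certificates (what a CA with no CDP yields). NoCheck would skip CRLs entirely.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown;
        }
        else
        {
            // Strict policy: check revocation for the whole chain except the self-signed root.
            // ExcludeRoot does not help for "Test Root", because it is an intermediate.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        }
        bool ok = chain.Build(leaf);
        Console.WriteLine("Build returned {0}", ok);
        foreach (X509ChainElement element in chain.ChainElements)
        {
            Console.WriteLine(element.Certificate.Subject);
            foreach (X509ChainStatus status in element.ChainElementStatus)
                Console.WriteLine("    {0}: {1}", status.Status, status.StatusInformation);
        }
        return ok;
    }

    static void Main()
    {
        // Placeholder paths: substitute the real certificate files.
        X509Certificate2 leaf = new X509Certificate2(@"C:\certs\mycert.cer");
        X509Certificate2Collection cas = new X509Certificate2Collection();
        cas.Add(new X509Certificate2(@"C:\certs\testroot.cer"));
        cas.Add(new X509Certificate2(@"C:\certs\root.cer"));
        Inspect(leaf, cas, false); // shows RevocationStatusUnknown on Test Root
        Inspect(leaf, cas, true);  // builds if the unknown revocation status was the only error
    }
}
```

The relaxed policy also hides a genuinely revoked Test Root, so it fits a test PKI but is not a substitute for publishing a CRL for that CA.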