Security

Re: How to verify Certificate Revocation using x509chain online check ???

vallamreddy.supraja@gmail.com — Wed, 29 Aug 2007 04:34:16 GMT

HI,

I am developing a digital signature verification component in C# .NET.

In this verification I need to check the Certificate revocation status against a Online CRL stored in a directory?

chk the below code by using status online it is working properly while online check. i couldn't find any exapmle

       string status = "";
            X509Chain chain = new X509Chain();

                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;

                chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly;

                chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;

           chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30);

                 chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            chain.Build(certificate);
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                string str = s.Status.ToString();
                if (!str.Equals(""))
                {
                    //flag = false;
                    status = s.Status.ToString();
                    break;
                }
            }
            chain.Reset();
            return status;
        }

Please let me know how exactly will do using Online and offline check.

Thanks-

Re: How to verify Certificate Revocation using x509chain online check ???

vallamreddy.supraja@gmail.com — Mon, 27 Aug 2007 05:24:28 GMT

HI,

Thanks for ur reply...

Actually i need online check for certificate not for the store certificate?

could u please send me the example on online check.

Thanks in Advanced

Re: How to verify Certificate Revocation using x509chain online check ???

XiaoYong Dai – MSFT — Fri, 24 Aug 2007 08:37:52 GMT

vallamreddy.supraja@gmail.com:

but it is not checking online properly. could you please help me any one .

X509Chain is used for certificate validation and give a global error status inside ChainStatus. Here is the verification used to check the Certificate revocation status performed online. Hope it helps

            X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
            store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

            //Output store information.
            string output = "";
            output = "Store Information";
            output += "Number of certificates in the store: " + store.Certificates.Count;

            output += "Store location: " + store.Location;
            output += "Store name: " + store.Name + "  " + Environment.NewLine;

            //Put certificates from the store into a collection so user can select one.

            X509Certificate2Collection fcollection = (X509Certificate2Collection)store.Certificates;
            X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);

            X509Certificate2 certificate = collection[0];
            X509Certificate2UI.DisplayCertificate(certificate);
            
            
            
            X509Chain chain = new X509Chain();

            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;

            chain.ChainPolicy.RevocationMode =

            X509RevocationMode.Online; //  X509RevocationMode.Offline;

            chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30);

            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

            chain.Build(certificate);

            Console.WriteLine(output);

            for( int i=0;i< chain.ChainStatus.Length;i++)
            
            {
                Console.WriteLine(chain.ChainStatus[i].Status);
            
            }

How to verify Certificate Revocation using x509chain online check ???

vallamreddy.supraja@gmail.com — Wed, 22 Aug 2007 12:17:43 GMT

chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;

chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;

chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(1000);

chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;

chain.ChainPolicy.VerificationTime = DateTime.Now;

this is code i am using for online check.but it is not checking online properly. could you please help me any one .

Thanks in Advanced,