How to verify Certificate Revocation using x509chain online check ???

Last post 08-29-2007 12:34 AM by vallamreddy.supraja@gmail.com. 3 replies.


  • How to verify Certificate Revocation using x509chain online check ???

    08-22-2007, 8:17 AM

                chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(1000);
                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
                chain.ChainPolicy.VerificationTime = DateTime.Now;

    This is the code I am using for the online check, but it is not checking online properly. Could anyone please help me?

    Thanks in advance,


  • Re: How to verify Certificate Revocation using x509chain online check ???

    08-24-2007, 4:37 AM

    vallamreddy.supraja@gmail.com:

    but it is not checking online properly. Could anyone please help me?

    Hi

    X509Chain is used for certificate validation and gives a global error status inside ChainStatus. Here is the verification used to check the certificate revocation status, performed online. Hope it helps.

                using System;
                using System.Security.Cryptography.X509Certificates;

                X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);

                // Output store information, one item per line.
                string output = "Store Information" + Environment.NewLine;
                output += "Number of certificates in the store: " + store.Certificates.Count + Environment.NewLine;
                output += "Store location: " + store.Location + Environment.NewLine;
                output += "Store name: " + store.Name + Environment.NewLine;

                // Put certificates from the store into a collection so the user can select one.
                X509Certificate2Collection fcollection = store.Certificates;
                X509Certificate2Collection collection = X509Certificate2UI.SelectFromCollection(fcollection, "Select an X509 Certificate", "Choose a certificate to examine.", X509SelectionFlag.SingleSelection);
                store.Close();

                // The collection is empty if the user cancels the dialog.
                if (collection.Count == 0) return;

                X509Certificate2 certificate = collection[0];
                X509Certificate2UI.DisplayCertificate(certificate);

                X509Chain chain = new X509Chain();

                // Check revocation for every certificate in the chain, fetching revocation data online.
                chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online; // X509RevocationMode.Offline;

                // 30 seconds (hours, minutes, seconds).
                chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30);

                // Tolerate a root CA that is not in the trusted store.
                chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;

                chain.Build(certificate);

                Console.WriteLine(output);

                // Print every status reported for the chain.
                for (int i = 0; i < chain.ChainStatus.Length; i++)
                {
                    Console.WriteLine(chain.ChainStatus[i].Status);
                }

    Best Regards
    XiaoYong Dai
    Microsoft Online Community Support

  • Re: How to verify Certificate Revocation using x509chain online check ???

    08-27-2007, 1:24 AM

    Hi,

    Thanks for your reply...

    Actually, I need an online check for a certificate, not for a store certificate.

    Could you please send me an example of the online check?

    Thanks in advance


  • Re: How to verify Certificate Revocation using x509chain online check ???

    08-29-2007, 12:34 AM

    Hi,

    I am developing a digital signature verification component in C# .NET.

    In this verification I need to check the certificate revocation status against an online CRL stored in a directory.

    Check the code below; by using the online status, it works properly during the online check. I couldn't find any example.

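                // Requires: using System.Security.Cryptography.X509Certificates;
                // The method header was not included in the post; this name and signature are assumed.
                static string GetChainStatus(X509Certificate2 certificate)
                {
                    string status = "";
                    X509Chain chain = new X509Chain();

                    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
                    // This second assignment overrides the line above, so EntireChain is the effective value.
                    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
                    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30);
                    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

                    chain.Build(certificate);

                    // Return the first status reported for the chain; an empty string means no status was reported.
                    foreach (X509ChainStatus s in chain.ChainStatus)
                    {
                        string str = s.Status.ToString();
                        if (!str.Equals(""))
                        {
                            //flag = false;
                            status = s.Status.ToString();
                            break;
                        }
                    }
                    chain.Reset();
                    return status;
                }
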

    Please let me know how exactly to do this using the online and offline checks.

    Thanks-
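
An added example, not part of the original thread: an online revocation check on a certificate loaded from a file rather than picked from a store, which separates a `Revoked` result from the case where revocation data could not be retrieved. The class name `RevocationCheck`, the `Verdict` enum and the command-line argument are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class RevocationCheck
{
    enum Verdict { Good, Revoked, RevocationUnknown, OtherFailure }

    // Builds the chain with online revocation checking and classifies the result.
    // A chain whose revocation status cannot be determined is never reported as Good.
    static Verdict Check(X509Certificate2 certificate)
    {
        using (X509Chain chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            // 30 seconds. Note that new TimeSpan(1000) is 1000 ticks (100 microseconds), not 1000 ms.
            chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 30);
            // NoFlag ignores nothing. AllFlags includes the Ignore*RevocationUnknown flags.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
            bool valid = chain.Build(certificate);

            X509ChainStatusFlags seen = X509ChainStatusFlags.NoError;
            foreach (X509ChainElement element in chain.ChainElements)
                foreach (X509ChainStatus s in element.ChainElementStatus)
                {
                    Console.WriteLine("{0}: {1} ({2})", element.Certificate.Subject, s.Status, s.StatusInformation.Trim());
                    seen |= s.Status;
                }

            if ((seen & X509ChainStatusFlags.Revoked) != 0) return Verdict.Revoked;
            const X509ChainStatusFlags unknown =
                X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;
            if ((seen & unknown) != 0) return Verdict.RevocationUnknown;
            return valid ? Verdict.Good : Verdict.OtherFailure;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: RevocationCheck <certificate.cer>"); return 2; }
        // The certificate comes from a file path given on the command line (assumed input), not from a store.
        Verdict v = Check(new X509Certificate2(args[0]));
        Console.WriteLine("Verdict: " + v);
        return v == Verdict.Good ? 0 : 1;
    }
}
```

Switching `RevocationMode` to `X509RevocationMode.Offline` makes the same code use only cached revocation data, in which case a missing CRL shows up as `RevocationUnknown` instead of triggering a download.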
