X509 revocation checking Outlook2002 sp3

jaslong

I have currently implemented a custom revocation check (custom DLL
registered as the default provider) utilising the CertVerifyRevocation
CAPI interface.

I sign an email message and send it to myself - OK
It calls my custom DLL - OK

The issue here is twofold:

Firstly for a given end entity (subject) I have a path to the root
certificate via a sub-CA.
Therefore the end-entity certificate has all three certificates
included (as expected) - now the problem is that my DLL is called 3
TIMES!!!! and passed an X509 certificate each time.

Secondly, I cannot respond to the client with the status of these
certificates as I don't have all the information to build the path (if
separately sent).

Question:

Why does Outlook send these as separate X509 certs and not a single
PKCS7?

This issue alone means I need to implement a separate API on my
authentication server and cannot utilise the existing implementation
which supports P7s (which is logical to assume that you want all
certs available).

Can you set Outlook to send all certificates when performing a
revocation check?

Any help would be greatly appreciated cos I've invested a lot of time
with this and hit a brick wall :(

cheers,
 
