TElX509CertificateChain.Validate method

Navigation

TElX509CertificateChain.Validate

Validates the certificate chain.

Declaration

[C#]
TSBCertificateValidity Validate(TSBCertificateValidityReason Reason, DateTime ValidityMoment /* = 0 */);
TSBCertificateValidity Validate(TSBCertificateValidityReason Reason, bool CheckCACertDates, DateTime ValidityMoment /* = 0 */);

[VB.NET]
Function Validate(ByVal Reason As TSBCertificateValidityReason, ByVal ValidityMoment As DateTime = 0) As TSBCertificateValidity
Function Validate(ByVal Reason As TSBCertificateValidityReason, ByVal CheckCACertDates As Boolean, ByVal ValidityMoment As DateTime = 0) As TSBCertificateValidity

[Pascal]
function Validate(var Reason: TSBCertificateValidityReason; ValidityMoment: TDateTime = 0): TSBCertificateValidity;
function Validate(var Reason: TSBCertificateValidityReason; CheckCACertDates: boolean; ValidityMoment: TDateTime = 0): TSBCertificateValidity;

[VB6]
Function IElX509CertificateChainX.Validate(ByVal Reason As TxSBCertificateValidityReason, ByVal ValidityMoment As DATE) As TxSBCertificateValidity

[ActiveX]
HRESULT _stdcall IElX509CertificateChainX.Validate([out] TxSBCertificateValidityReason * Reason, [in] DATE ValidityMoment, [out, retval] TxSBCertificateValidity * Validity);

[DLL]
not implemented;

Parameters

Reason - certificate invalidity reason
ValidityMoment - moment for which the validity must be checked
CheckCACertDates - When this parameter is False, time specified in ValidityMoment is checked against validity period of the certificate being validated only.
When CheckCACertDates is True, validity periods of all certificates in the chain are questioned.
Default value is False.

Values

[.NET] [Pascal] [ActiveX] [DLL] Description

SBX509.Unit.vrBadData=1 vrBadData SB_CERT_VALIDITY_REASON_BAD_DATA = 1 Invalid certificate format or certificate is corrupted

SBX509.Unit.vrRevoked=2 vrRevoked SB_CERT_VALIDITY_REASON_REVOKED = 2 Certificate is revoked by Issuer

SBX509.Unit.vrNotYetValid=4 vrNotYetValid SB_CERT_VALIDITY_REASON_NOT_YET_VALID = 4 Certificate is not valid yet

SBX509.Unit.vrExpired=8 vrExpired SB_CERT_VALIDITY_REASON_EXPIRED = 8 Certificate is expired

SBX509.Unit.vrInvalidSignature=16 vrInvalidSignature SB_CERT_VALIDITY_REASON_INVALID_SIGNATURE = 16 Certificate contains invalid digital signature, it could be corrupted

SBX509.Unit.vrUnknownCA=32 vrUnknownCA SB_CERT_VALIDITY_REASON_UNKNOWN_CA = 32 Issuer (CA) certificate was not found.

SBX509.Unit.vrCAUnauthorized=64 vrCAUnauthorized SB_CERT_VALIDITY_REASON_CA_UNAUTHORIZED = 64 Issuer (CA) certificate was found but it's key usage fields don't allow use of this certificate for signing other certificates.

SBX509.Unit.vrCRLNotVerified=128 vrCRLNotVerified SB_CERT_VALIDITY_REASON_CRL_NOT_VERIFIED = 128 Certificate Revocation List for this certificate could not be retrieved and/or validated.

SBX509.Unit.vrOCSPNotVerified=256 vrOCSPNotVerified SB_CERT_VALIDITY_REASON_OCSP_NOT_VERIFIED = 256 OCSP response for this certificate could not be retrieved and/or validated.

SBX509.Unit.vrIdentityMismatch=512 vrIdentityMismatch SB_CERT_VALIDITY_REASON_IDENTITY_MISMATCH = 512 Provided certificate doesn't include the specified name and / or IP address. Either the remote side in TLS or sender in S/MIME is misconfigured, or the certificate is misused by the remote side or sender, or authenticity of the remote side or sender is forged.

SBX509.Unit.vrNoKeyUsage=1024 vrNoKeyUsage SB_CERT_VALIDITY_REASON_NO_KEY_USAGE = 1024 Provided certificate may not be used for chosen activity (identifying TLS server or client or S/MIME message sender)

SBX509.Unit.vrBlocked=2048 vrBlocked SB_CERT_VALIDITY_REASON_BLOCKED = 2048 Provided certificate has been found in the list of blocked certificates

Declared in

[.NET] [Pascal]

Namespace: SBX509
Assembly: SecureBlackbox Unit: SBX509

Return value

[.NET] [Pascal] [ActiveX] [DLL] Description

cvOk = 0 cvOk SB_CERT_VALIDITY_OK = 1 certificate was validated successfully and is valid

cvSelfSigned = 1 cvSelfSigned SB_CERT_VALIDITY_SELF_SIGNED = 2 certificate is self signed

cvInvalid = 2 cvInvalid SB_CERT_VALIDITY_INVALID = 4 certificate is invalid

cvStorageError = 3 cvStorageError SB_CERT_VALIDITY_STORAGE_ERROR = 8 certificate was not validated due to certificate storage error

cvChainUnvalidated = 4 cvChainUnvalidated SB_CERT_VALIDITY_CHAIN_UNVALIDATED = 16 certificate chain was not validated because while the certificate itself is valid, one or more of CA Certificates in the chain have validation problems.

Declared in

[.NET] [Pascal]

Namespace: SBX509
Assembly: SecureBlackbox Unit: SBX509

Description

Use this method to validate a completed certificate chain. In a case when the chain is invalid, parameter Reason contains the invalidity reason.