EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Loading trusted root certs

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
Posted: 06/10/2009 10:48:31
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

We are using SSL BlackBox7 AX to load up certs in the windows trust store. It takes a long time to load the ROOT Trust Store. Is there a quicker way of validating the certificate?
Posted: 06/10/2009 11:28:44
by Ken Ivanov (Team)

Thank you for contacting us. What exactly period of time you are referring to as "long"?
Posted: 06/10/2009 11:49:36
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

It takes around 1.5 minutes to validate the certificate.
Posted: 06/10/2009 12:01:17
by Ken Ivanov (Team)

Mmm, is it *validation* that takes 1.5 minutes or *opening a storage*? If it's validation, how exactly do you validate the certificate?
Posted: 06/10/2009 12:09:51
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

Loading the trust store and validation together takes longer. I am basing this calculation on built code.
ElWinCertStorage.StorageType = stMemory
   ElWinCertStorage.AddStore ("ROOT")

Call ElMemCertStorage.Add(ElCertificate.Object)
      Call ElMemCertStorage.Validate(frmSocket.ElCertificate.Object, validity, reason)
      Set ext = ElCertificate.Extensions
      b = ext.BasicConstraints.CA
'      Set ch = ElCertificate.Chain
      If b = False Then
         Set crt = ElCertificate.Object
         i = ElMemCertStorage.GetIssuerCertificate(ElCertificate.Object)
         While i <> -1
            Set crt = ElMemCertStorage.GetCertificate(i)
            i = ElMemCertStorage.GetIssuerCertificate(crt)
         Validate = ValidateCertAgainstWindows(crt, strErrorMsg)
'        Debug.Print SslSocketStatus() & " SslSock_OnCertificateValidate " & strErrorMsg
         End If

Private Function ValidateCertAgainstWindows(ByVal cert As IElCertificateX, strDesc As String) As Boolean
   Dim blnValid As Boolean
   Dim validity As TxSBCertificateValidity
   Dim reason As TxSBCertificateValidityReason
   Call ElWinCertStorage.Validate(cert, validity, reason)
   Select Case validity
      Case SB_CERT_VALIDITY_OK  ' 1
         blnValid = True
         strDesc = "Security Certificate validated ok"
         blnValid = True
         strDesc = "Security Certificate is self-signed"
         blnValid = False
         strDesc = "Security Certificate has a storage error"
         blnValid = False
         Select Case reason
               strDesc = "Security Certificate has bad data"
               strDesc = "Security Certificate has been revoked"
               strDesc = "Security Certificate is not yet valid"
               strDesc = "Security Certificate has expired"
               strDesc = "Security Certificate has an invalid signature"
               strDesc = "Security Certificate's trusted Certificate Authority not found "
            Case Else
               strDesc = "Security Certificate is not valid"
         End Select
      Case Else
         blnValid = False
         strDesc = "Security Certificate has an unknown error"
   End Select
   ValidateCertAgainstWindows = blnValid
End Function
Posted: 06/10/2009 12:31:32
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

I debugged the code with the programmer and the line where it took long time was
Call ElWinCertStorage.Validate(cert, validity, reason);
Posted: 06/10/2009 12:32:44
by Eugene Mayevski (Team)

First of all, try to comment out

ElWinCertStorage.StorageType = stMemory

and report the result.

Next, how many certificates (exactly) does ElWinCertStorage contain?

Sincerely yours
Eugene Mayevski
Posted: 06/10/2009 12:34:57
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

Does this line load the trust store.

ElWinCertStorage.AddStore ("ROOT")

What i found was that the time taken is longer the first time around. The

Call ElWinCertStorage.Validate(cert, validity, reason);

Is faster the second time it goes through. Looks like the trust store is not completely loaded.
Posted: 06/10/2009 12:37:58
by Sandeep Mohan (Standard support level)
Joined: 02/25/2009
Posts: 46

After commenting the line it is still slow.
The store has 313 certs.
Posted: 06/10/2009 13:02:20
by Eugene Mayevski (Team)

Do you have *any* antivirus or intrusion detection / protection software on your computer? For example, Comodo Internet Security monitors application access to certificates and significantly slows down work with certificates.

Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.



Topic viewed 4924 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!