EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validation Certificate PFX always returns code 128

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
Posted: 06/20/2012 15:03:46
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

I created a function to validate the certificate before using. Reason returns 0 when windows license but always returns code 128 when a PFX certificate :

private bool ValidaCertificado(TElX509Certificate certificate)
StringBuilder sMsg = new StringBuilder();
int _reason = 0;
TSBCertificateValidity validity = TSBCertificateValidity.cvInvalid;
if (certificate.CertStorage is TElWinCertStorage)
TElWinCertStorage certstorage = new TElWinCertStorage();
validity = certstorage.Validate(certificate, ref _reason, true, DateTime.Now);
TElX509CertificateValidator CertificateValidator = new TElX509CertificateValidator();
CertificateValidator.Validate(certificate, ref validity, ref _reason);
if (validity != TSBCertificateValidity.cvOk)
sMsg.Append("A certificado '");
sMsg.Append("' não é válido. ");
sMsg.AppendLine(retornaValidity(validity, _reason));
return false;
return true;
Posted: 06/20/2012 18:32:16
by Ken Ivanov (EldoS Corp.)


Reason 128 stands for vrCRLNotVerified constant. This means that the component was unable to retrieve a CRL or to validate a certificate against it.

Please note that TElCustomCertStorage.Validate() method only performs basic chain validation; in particular, with limited revocation checking. We recommend using TElX509CertificateValidator for comprehensive validations.
Posted: 06/21/2012 13:14:46
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

This problem occurs because the CRL of the certificate is not updated on the local machine. I can get the URL that contains the certificate and CRL download it. How do I install, can you show me an example
Posted: 06/21/2012 13:23:37
by Vsevolod Ievgiienko (EldoS Corp.)


If you'll use TElX509CertificateValidator to validate a certificate and the CRL URL is present in certificates's extensions then you should simply initialize CRL retrievers as its described here: http://www.eldos.com/documentation/sb...dator.html In this case CRL will be downloaded and used automatically.
Posted: 06/21/2012 13:49:54
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

There is a Sample App in the directory that demonstrate how to use? It was not clear to me an example would help a lot
Posted: 06/21/2012 14:02:49
by Eugene Mayevski (EldoS Corp.)

Please search for "TElX509CertificateValidator" in Samples\C# folder. Some (not all) samples show how to use the validator.

Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.



Topic viewed 1083 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!