EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validation Certificate PFX always returns code 128

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#20558
Posted: 06/20/2012 15:03:46
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

I created a function to validate the certificate before using it. Reason returns 0 when Windows license but always returns code 128 when a PFX certificate:

    private bool ValidaCertificado(TElX509Certificate certificate)
    {
        StringBuilder sMsg = new StringBuilder();
        int _reason = 0;
        TSBCertificateValidity validity = TSBCertificateValidity.cvInvalid;
        // Certificate that belongs to a Windows certificate storage: validate through the "MY" system store
        if (certificate.CertStorage is TElWinCertStorage)
        {
            TElWinCertStorage certstorage = new TElWinCertStorage();
            certstorage.SystemStores.Add("MY");
            validity = certstorage.Validate(certificate, ref _reason, true, DateTime.Now);
        }
        else
        {
            // Any other certificate: use the standalone validator
            TElX509CertificateValidator CertificateValidator = new TElX509CertificateValidator();
            CertificateValidator.Validate(certificate, ref validity, ref _reason);
        }
        // Anything other than cvOk is rejected; the message is built from validity and reason
        if (validity != TSBCertificateValidity.cvOk)
        {
            sMsg.Append("A certificado '");
            sMsg.Append(certificate.SubjectName.CommonName);
            sMsg.Append("' não é válido. ");
            sMsg.AppendLine(retornaValidity(validity, _reason));
            return false;
        }
        return true;
    }
#20561
Posted: 06/20/2012 18:32:16
by Ken Ivanov (EldoS Corp.)

Marcelo,

Reason 128 stands for the vrCRLNotVerified constant. This means that the component was unable to retrieve a CRL or to validate a certificate against it.

Please note that the TElCustomCertStorage.Validate() method only performs basic chain validation; in particular, with limited revocation checking. We recommend using TElX509CertificateValidator for comprehensive validations.
#20582
Posted: 06/21/2012 13:14:46
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

This problem occurs because the CRL of the certificate is not updated on the local machine. I can get the URL that contains the certificate and CRL and download it. How do I install it? Can you show me an example?
#20583
Posted: 06/21/2012 13:23:37
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

If you use TElX509CertificateValidator to validate a certificate and the CRL URL is present in the certificate's extensions, then you should simply initialize CRL retrievers as it's described here: http://www.eldos.com/documentation/sb...dator.html In this case the CRL will be downloaded and used automatically.
#20584
Posted: 06/21/2012 13:49:54
by Marcelo Vargas (Standard support level)
Joined: 06/06/2012
Posts: 21

Is there a sample app in the directory that demonstrates how to use it? It was not clear to me; an example would help a lot.
#20585
Posted: 06/21/2012 14:02:49
by Eugene Mayevski (EldoS Corp.)

Please search for "TElX509CertificateValidator" in Samples\C# folder. Some (not all) samples show how to use the validator.


Sincerely yours
Eugene Mayevski
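
The failure discussed in this thread (a certificate loaded from a PFX whose CRL cannot be retrieved) can be reproduced and diagnosed with .NET's built-in `X509Chain`. This is an added example, not part of the thread and not SecureBlackbox code; the class name and the command-line arguments are assumptions. It separates "revocation data unavailable" from every other chain failure and rejects the certificate in both cases.

```csharp
// Added example: uses System.Security.Cryptography.X509Certificates, not SecureBlackbox.
using System;
using System.Security.Cryptography.X509Certificates;

static class PfxRevocationCheck   // hypothetical name
{
    // Chain status flags that mean "revocation data could not be obtained or used".
    const X509ChainStatusFlags RevocationUnavailable =
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    // args[0] = path to the PFX file, args[1] = its password (supplied by the caller).
    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: PfxRevocationCheck <file.pfx> <password>");
            return 2;
        }
        using (var cert = new X509Certificate2(args[0], args[1]))
        using (var chain = new X509Chain())
        {
            // Download CRLs/OCSP responses from the URLs in the certificate's extensions.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);

            if (chain.Build(cert))
            {
                Console.WriteLine("Chain is valid and revocation was checked.");
                return 0;
            }

            bool revocationUnavailable = false, otherFailure = false;
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                Console.WriteLine("{0}: {1}", s.Status, s.StatusInformation.Trim());
                if ((s.Status & RevocationUnavailable) != 0) revocationUnavailable = true;
                else otherFailure = true;
            }
            if (revocationUnavailable && !otherFailure)
                Console.WriteLine("Only the revocation lookup failed: fix CRL retrieval; " +
                                  "the certificate is neither proven revoked nor proven valid.");
            return 1; // fail closed: anything short of a fully verified chain is rejected
        }
    }
}
```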

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.