EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElX509CertificateValidator validation fails when it should not

#34297
Posted: 08/24/2015 12:01:18
by Charlie Jimenez (Standard support level)
Joined: 08/14/2012
Posts: 38

Hello,

I am using the TElX509CertificateValidator object with a TElSecureClient component in .Net. SBB version is 13.0.277.0.

During the SSL handshake, the server sends me its certificate and also the issuer certificate. The TElX509CertificateValidator fails the validation with a Reason code of 64 (CA not authorized). Yet the issuer certificate's Key Usage is set for Digital signature, Certificate signing, and CRL signing.

So why would TElX509CertificateValidator be rejecting this issuer certificate? Is there something else it is looking for in the Key usage or other fields?

Thanks,

Charlie
#34298
Posted: 08/24/2015 12:12:41
by Eugene Mayevski (EldoS Corp.)

Some certificates don't have their properties set properly (certain attributes must be set to critical and they are not).

Please try setting IgnoreCABasicConstraints and IgnoreCANameConstraints properties to true and see if this helps.


Sincerely yours
Eugene Mayevski
#34299
Posted: 08/24/2015 12:25:23
by Charlie Jimenez (Standard support level)
Joined: 08/14/2012
Posts: 38

Thanks for your quick reply.

Yes, changing those settings allowed the cert chain to be validated. I checked the issuer cert and although the Key usages are set as I stated, they are not marked critical, so maybe that's the problem.

Thanks again,

Charlie
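
The issuer certificate's CA-related extensions and their critical flags, which the thread above turns on, can be listed with the .NET base class library before deciding whether to set IgnoreCABasicConstraints or IgnoreCANameConstraints. This is an added example, not part of the thread and not SecureBlackbox code; the class name, the Describe helper and the self-signed test issuer are constructed for illustration, and it assumes .NET Framework 4.7.2 or later (or .NET Core 2.0+) for CertificateRequest.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class IssuerExtensionReport
{
    // Lists the extensions a path validator consults when deciding whether
    // a certificate may act as a CA, with each extension's critical flag.
    public static string Describe(X509Certificate2 cert)
    {
        string basic = "BasicConstraints: absent";
        string usage = "KeyUsage: absent";
        string name = "NameConstraints: absent";
        foreach (X509Extension ext in cert.Extensions)
        {
            if (ext is X509BasicConstraintsExtension bc)
                basic = $"BasicConstraints: CA={bc.CertificateAuthority}, critical={bc.Critical}";
            else if (ext is X509KeyUsageExtension ku)
                usage = $"KeyUsage: {ku.KeyUsages}, critical={ku.Critical}";
            else if (ext.Oid.Value == "2.5.29.30") // id-ce-nameConstraints
                name = $"NameConstraints: present, critical={ext.Critical}";
        }
        return string.Join(Environment.NewLine, cert.Subject, basic, usage, name);
    }

    static void Main()
    {
        // Constructed sample issuer (an assumption, not the poster's certificate):
        // Key Usage carries the three usages named in the thread but is not
        // marked critical, and no Basic Constraints extension is present.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Constructed Test Issuer", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyCertSign |
                X509KeyUsageFlags.CrlSign, false)); // false = not critical
            using (X509Certificate2 issuer = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                Console.WriteLine(Describe(issuer));
            }
        }
    }
}
```

To inspect a real issuer, pass Describe an X509Certificate2 loaded from the certificate the server sent instead of the constructed one.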

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.