EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CRL Root Certificate control

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#37476
Posted: 08/16/2016 11:51:21
by Deniz YILMAZ (Standard support level)
Joined: 07/17/2014
Posts: 3

Hi,
I got a problem when signing a XML.
The log file was attachted.
#37481
Posted: 08/17/2016 02:48:36
by Ken Ivanov (EldoS Corp.)

Hi Deniz,

Thank you for contacting us. It seems that the log file didn't attach, could you please try again?

Ken
#37483
Posted: 08/17/2016 06:12:01
by Deniz YILMAZ (Standard support level)
Joined: 07/17/2014
Posts: 3

Sorry,


[ Download ]
#37484
Posted: 08/17/2016 07:39:02
by Deniz YILMAZ (Standard support level)
Joined: 07/17/2014
Posts: 3

Hi again,
there are 2 roots and one is expired. (14.08.2016 - dd.mm.yyyy)
The problem is, when checking CRL chek tis one. How to cancel to chek this one.
#37485
Posted: 08/17/2016 08:41:09
by Ken Ivanov (EldoS Corp.)

Thank you.

As per the log, validation of one of OCSP certificates fails, as the validator can't find the issuer of the following certificate: CN=E-Tugra Certification Authority. The subject field of the missing certificate is /CN=EBG Elektronik Sertifika Hizmet Saðlayýcýsý/O=EBG Biliþim Teknolojileri ve Hizmetleri A.Þ./C=TR. This OCSP validation failure then leads to the whole chain validation failure.

There are two ways in which you can address the issue. The first one is to obtain the missing certificate and add it to the list of certificates known to the validator. The second is to relax validation settings by only requiring one revocation check method (CRL or OCSP) to succeed. This can be achieved by adjusting the following properties:

- MandatoryCRLCheck: false;
- MandatoryOCSPCheck: false;
- MandatoryRevocationCheck: true.

Quote
The problem is, when checking CRL chek tis one. How to cancel to chek this one.

Cross-certification support (which seems to be the case in your scenario) was only added in SBB 15. Please upgrade to SBB 15 to make cross-certified certificates validate correctly. In the majority of cases you don't need to configure anything else, the validator will pick the right CA certificate automatically.

Ken
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.

Reply

Statistics

Topic viewed 570 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!