Hi Team!
This question is not directly related to REBEX, but I hope you have a solution based on your libraries.
I created a certificate and, afterwards, I created a CRL file, without any issue on either. I published the certificate into my STORE and put the CRL at the URL pointed to by the Certificate.DistributionPoint.
But when I tried to get information about its revocation (done minutes after), I got the status of IS_VALID and ChainStatus is empty, indicating the certificate is NOT revoked.
My code to check it is:

    ' Requires: Imports System.Security.Cryptography.X509Certificates
    Using chain As New X509Chain
        chain.Reset()
        ' Check revocation online, for the end certificate only
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority Or
            X509VerificationFlags.IgnoreCtlNotTimeValid Or
            X509VerificationFlags.IgnoreInvalidBasicConstraints Or
            X509VerificationFlags.IgnoreWrongUsage Or
            X509VerificationFlags.IgnoreNotTimeNested
        chain.ChainPolicy.UrlRetrievalTimeout = New TimeSpan(0, 0, 0, 30)
        chain.ChainPolicy.VerificationTime = Date.Now
        Dim elementValid = chain.Build(certificate)
        ' << here I have "elementValid = True" and ChainStatus.Length = 0 >>
    End Using

It is interesting to note that:
- the URL is normally reachable;
- no error is raised during the process;
- the CRL DistributionPoint is reachable;
- the CRL DistributionPoint has no lexical error.
Do you know how I can check revocations using the online parameter?
I appreciate the time you spend, even if this question cannot be answered.
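
An added example, not part of the original post and not Rebex code: a variant of the check above that reads the per-element status of the end certificate, so that "revocation could not be determined" is reported separately from "not revoked". The helper name `ClassifyRevocation` and the certificate path passed on the command line are assumptions made for illustration.

```vbnet
Imports System
Imports System.Security.Cryptography.X509Certificates

Module RevocationCheckExample
    ' Statuses meaning "revocation could not be determined", which is not "not revoked".
    Private ReadOnly Undetermined As X509ChainStatusFlags =
        X509ChainStatusFlags.RevocationStatusUnknown Or X509ChainStatusFlags.OfflineRevocation

    ' Hypothetical helper: returns "Revoked", "Undetermined" or "NotRevoked".
    Function ClassifyRevocation(certificate As X509Certificate2) As String
        Using chain As New X509Chain()
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly
            ' Only the untrusted-root error is tolerated; revocation errors stay visible.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30)
            chain.Build(certificate)

            ' No chain elements at all: nothing was checked, so nothing can be concluded.
            If chain.ChainElements.Count = 0 Then Return "Undetermined"

            ' Element 0 is the certificate that was passed to Build.
            Dim seen As X509ChainStatusFlags = X509ChainStatusFlags.NoError
            For Each status As X509ChainStatus In chain.ChainElements(0).ChainElementStatus
                Console.WriteLine("{0}: {1}", status.Status, status.StatusInformation)
                seen = seen Or status.Status
            Next

            If seen.HasFlag(X509ChainStatusFlags.Revoked) Then Return "Revoked"
            If (seen And Undetermined) <> X509ChainStatusFlags.NoError Then Return "Undetermined"
            ' The CRL that was consulted may be a locally cached copy, not a fresh download.
            Return "NotRevoked"
        End Using
    End Function

    Sub Main(args As String())
        ' args(0): path to the certificate file to check (supplied by the caller).
        Dim result = ClassifyRevocation(New X509Certificate2(args(0)))
        Console.WriteLine("Revocation result: " & result)
    End Sub
End Module
```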