Revoke client X509 certificate
I have an ASP.NET web service on Windows Server 2003. I have my own certificate authority. I use my own client certificates for authentication in the web service. I make a client certificate, I call the web service, and everything is OK. Then I revoke this certificate in the certification authority; the certificate appears under Revoked Certificates. I call the web service with this certificate, but the web service verifies this certificate as good, even though it is among the revoked ones. I don't know why. Can anybody help me, please?
I use this method to verify the certificate:
X509Certificate2.Verify Method
I don't get any exception; the certificate is among the revoked ones, but the web service verifies this certificate as good.
To klausbyskov: Thank you. So I tried this:
public void CreateUser(X509Certificate2 cert)
{
    // ServicePointManager settings apply to outgoing HttpWebRequest connections
    ServicePointManager.UseNagleAlgorithm = true;
    ServicePointManager.Expect100Continue = true;
    ServicePointManager.CheckCertificateRevocationList = true;
    ServicePointManager.DefaultConnectionLimit = ServicePointManager.DefaultPersistentConnectionLimit;

    // VerifyCert is the poster's own helper (not shown), which calls X509Certificate2.Verify()
    if (VerifyCert(cert))
    {
        //...
    }
}
But the revoked certificate is still verified as good.
Try setting the CheckCertificateRevocationList property of the ServicePointManager class to true before calling Verify().
Or try setting it in the application's config file:
Maybe that helps.
Validation is based on various factors.
Does the certificate have a CRL Distribution Point (CDP) extension, and is the CRL accessible? (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.13)
NOTE: CRLs are cached!
The only way to check validity with almost no delay would be to ask the CA itself, but I wouldn't consider that an option.
For what you are trying to achieve, the online responder protocol (OCSP) has been introduced (http://www.ietf.org/rfc/rfc2560.txt).
Does the certificate have an AIA OCSP extension, and do you have an OCSP responder set up? What are the triggers/intervals of OCSP (as its data is also a CRL)?
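The two answers above point at the same thing: what decides the outcome is the chain-building policy and the CRL the Windows crypto stack actually has on hand, not ServicePointManager (CheckCertificateRevocationList only governs TLS connections that HttpWebRequest opens, and X509Certificate2.Verify() already builds its chain with the default Online revocation mode). The following is an added example, not the poster's code or an answer from this thread. It builds the chain explicitly, requests online revocation checking for the whole chain, and reads X509Chain.ChainStatus so that "revoked" and "could not determine revocation status" can both be rejected and logged with their reason. The class, method and property names ClientCertRevocation, Check, Result and the CreateUser wrapper are hypothetical; only the X509Chain/X509ChainPolicy members are real .NET Framework API (available since 2.0, so usable on Windows Server 2003).

```csharp
using System;
using System.Text;
using System.Security.Cryptography.X509Certificates;

// Added example (not the original poster's code): explicit chain building
// with revocation checking and fail-closed handling of "status unknown".
public static class ClientCertRevocation
{
    // Hypothetical result type so the caller can log *why* a cert was rejected.
    public sealed class Result
    {
        public bool Accepted;
        public bool Revoked;
        public bool RevocationUnknown;
        public string Detail;
    }

    public static Result Check(X509Certificate2 cert)
    {
        Result r = new Result();
        X509Chain chain = new X509Chain();

        // Fetch CRL/OCSP data from the CDP/AIA URLs in the certificate chain
        // instead of relying only on what is already in the local store.
        // Caveat: CryptoAPI keeps serving the CRL it has cached until that
        // CRL's NextUpdate time passes, so a freshly revoked cert still
        // validates until a new CRL is published and fetched.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);
        // NoFlag: do not ignore any chain error, including "revocation unknown".
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool built = chain.Build(cert);

        // Build() returns false if any status flag is set. Inspect the flags
        // to distinguish "revoked" from "could not check" and reject both.
        StringBuilder sb = new StringBuilder();
        foreach (X509ChainStatus s in chain.ChainStatus)
        {
            sb.Append(s.Status).Append(": ")
              .Append((s.StatusInformation ?? "").Trim()).Append("; ");

            if ((s.Status & X509ChainStatusFlags.Revoked) != 0)
                r.Revoked = true;

            if ((s.Status & (X509ChainStatusFlags.RevocationStatusUnknown
                           | X509ChainStatusFlags.OfflineRevocation)) != 0)
                r.RevocationUnknown = true;
        }

        r.Detail = sb.ToString();
        r.Accepted = built && !r.Revoked && !r.RevocationUnknown;
        chain.Reset();
        return r;
    }

    // Hypothetical use in the web service: refuse the call instead of
    // silently creating the user when the certificate does not pass.
    public static void CreateUser(X509Certificate2 cert)
    {
        Result r = Check(cert);
        if (!r.Accepted)
            throw new UnauthorizedAccessException(
                "Client certificate rejected: " + r.Detail);
        // ... create the user ...
    }
}
```

When testing this against a Windows CA, two operational checks matter more than the code: revoking a certificate in the CA console does not by itself publish a new CRL (publish one, or wait for the CA's publication interval), and the web server caches the previous CRL until its NextUpdate time. To see the revocation immediately on the server, clear the cache with `certutil -urlcache crl delete` run under the same account the web service uses, and confirm that account can reach the CDP URL listed in the certificate. Treating RevocationStatusUnknown and OfflineRevocation as rejections means an unreachable CDP denies access rather than letting a revoked certificate through.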