Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The client has sent a request for the state of all registered KRA certificates. If the CA implements the Config_CA_KRA_Cert_List data, then the CA MUST return a byte array that contains the status for each of the KRAs in the Config_CA_KRA_Cert_List data. The value used MUST be one of the following.
|
Value |
Meaning |
|---|---|
|
KRA_DISP_EXPIRED (0x00) |
The certificate has expired. |
|
KRA_DISP_NOTFOUND (0x01) |
The certificate was not found. |
|
KRA_DISP_REVOKED (0x02) |
The certificate has been revoked. |
|
KRA_DISP_VALID (0x03) |
The certificate is valid. |
|
KRA_DISP_NOTLOADED (0x04) |
The certificate is not loaded. |
|
KRA_DISP_INVALID (0x05) |
The certificate is invalid. |
|
KRA_DISP_UNTRUSTED (0x06) |
The certificate is not trusted. |
The CA MUST return the byte array in a CERTTRANSBLOB (section 2.2.2.2) structure. The first byte MUST identify the status for the first KRA certificate in the list, and the second byte MUST identify the same for the second KRA certificate. Subsequent bytes MUST repeat this pattern. For more information, see [MSFT-ARCHIVE].
If the CA does not implement the Config_CA_KRA_Cert_List data, the CA MUST return a non-zero error.