2.2.3.177.18 Status (ValidateCert)
The Status element is a required child element of the ValidateCert element and the Certificate element in ValidateCert command responses that indicates whether one or more certificates were successfully validated.
All elements referenced in this section are defined in the ValidateCert namespace.

Command request/response | Parent elements | Child elements | Data type | Number allowed |
---|---|---|---|---|
ValidateCert command response (section 2.2.1.22) | ValidateCert (section 2.2.3.195), Certificate (section 2.2.3.19) | None | integer ([MS-ASDTYPE] section 2.6) | 1...N (required) |

As a child of the ValidateCert element, the Status element indicates the success or failure of the ValidateCert command. A value of 1 indicates success, and a value of 17 indicates failure.
As a child of the Certificate element, the Status element contains a status code which indicates the results of the validation of the specific certificate. The following table lists the status codes that apply to certificate validation for the ValidateCert command (section 2.2.1.22).

Value | Meaning | Cause | Scope | Resolution |
---|---|---|---|---|
1 | Success. | Server successfully completed command. | Global | None. |
2 | Protocol error. | Supplied protocol parameters are out of range or invalid. | Global | Fix client code. |
3 | The signature in the digital ID cannot be validated. | The signature in the certificate is invalid. | Item | Verify that the certificate has a valid signature. |
4 | The digital ID was issued by an untrusted source. | The certificate source is not trusted by the server. | Item | Contact the administrator to add the certificate to the trusted sources list if it is required. |
5 | The certificate chain that contains the digital ID was not created correctly. | Invalid, incorrectly formatted certificate. | Item | Verify that the certificate chain is formatted correctly. |
6 | The digital ID is not valid for signing email messages. | The supplied certificate is not meant to be used for signing email. | Item | Prompt the user. |
7 | The digital ID used to sign the message has expired or is not yet valid. | The certificate has expired. | Item | Obtain a new certificate. |
8 | The time periods during which the digital IDs in the certificate chain are valid are not consistent. | One or more certificates in the chain could be out of date. | Item | Get the most recent certificate chain for the certificate. |
9 | A digital ID in the certificate chain is used incorrectly. | The supplied certificate is not valid for what it is being used for. | Item | Obtain a new certificate. |
10 | Information associated with the digital ID is missing or incorrect. | The certificate format is incorrect. | Item | Obtain a new certificate. |
11 | A digital ID in the certificate chain is used incorrectly. | A certificate that can only be used as an end-entity is being used as a certification authority (CA), or a CA that can only be used as an end-entity is being used as a certificate. | Item | Obtain the correct certificate chain. |
12 | The digital ID does not match the recipient's email address. | Incorrect certificate was supplied, could be malicious. | Item | Obtain the correct certificate for the user. |
13 | The digital ID used to sign this message has been revoked. This can indicate that the issuer of the digital ID no longer trusts the sender, the digital ID was reported stolen, or the digital ID was compromised. | The certificate has been revoked by the certification authority (CA) that issued it. | Item | Obtain a new certificate. |
14 | The validity of the digital ID cannot be determined because the server that provides this information cannot be contacted. | The certificate revocation server is offline. | Item | Retry request after some time. |
15 | A digital ID in the chain has been revoked by the authority that issued it. | A certificate in the chain has been revoked. | Item | Obtain a new certificate. |
16 | The digital ID cannot be validated because its revocation status cannot be determined. | The signature in the certificate is invalid. | Item | Verify that the certificate has a valid signature. |
17 | An unknown server error has occurred. | The certificate source is not trusted by the server. | Item | Contact the administrator to add the certificate to the trusted sources list if it is necessary. |

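
As an added example (not part of the specification), the following Python sketch shows a client-side check that reads both levels of Status from a response and fails closed on anything other than an explicit success. It assumes the WBXML body has already been decoded to XML; the sample document, the function names and the accept/retry/reject labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"vc": "ValidateCert"}   # namespace named in this section
SUCCESS = 1
RETRY = {14}                  # revocation server offline: "Retry request after some time"

# Constructed sample: decoded XML form of a response (WBXML decoding assumed done).
SAMPLE = """<ValidateCert xmlns="ValidateCert">
  <Status>1</Status>
  <Certificate><Status>1</Status></Certificate>
  <Certificate><Status>13</Status></Certificate>
  <Certificate><Status>14</Status></Certificate>
  <Certificate><Status>bogus</Status></Certificate>
</ValidateCert>"""


def _status(elem):
    """Return the integer Status child of elem, or None if absent or malformed."""
    text = elem.findtext("vc:Status", default="", namespaces=NS).strip()
    return int(text) if text.isascii() and text.isdigit() else None


def evaluate_response(xml_text):
    """Return (command_ok, [(status, decision), ...]) for a ValidateCert response.

    decision is "accept", "retry" or "reject"; only an explicit Status of 1 at
    both levels is ever treated as a validated certificate.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{ValidateCert}ValidateCert":
        raise ValueError("not a ValidateCert response")
    command_ok = _status(root) == SUCCESS
    results = []
    for cert in root.findall("vc:Certificate", NS):
        code = _status(cert)
        if not command_ok:
            decision = "reject"      # command failed: per-item values are not trusted
        elif code == SUCCESS:
            decision = "accept"
        elif code in RETRY:
            decision = "retry"       # still untrusted until a later call returns 1
        else:
            decision = "reject"      # codes 2-13, 15-17, missing or unknown values
        results.append((code, decision))
    return command_ok, results
```

A "retry" result is not a pass: the certificate stays untrusted until a later ValidateCert call returns 1 for it.
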
Protocol Versions
The following table specifies the protocol versions that support this element. The client indicates the protocol version being used by setting either the MS-ASProtocolVersion header, as specified in [MS-ASHTTP] section 2.2.1.1.2.6, or the Protocol version field, as specified in [MS-ASHTTP] section 2.2.1.1.1.1, in the request.

Protocol version | Element support |
---|---|
2.5 | Yes |
12.0 | Yes |
12.1 | Yes |
14.0 | Yes |
14.1 | Yes |
16.0 | Yes |
16.1 | Yes |