3.2.1.4.3.2.19 PropID = 0x00000013 (CR_PROP_CACERTSTATE) "CA Signing Certificates State"

The client has requested the disposition status of all CA signing certificates.

If the server implements the Signing_Cert Table, it MUST validate all the signing certificates stored in the Signing_Cert_Certificate column.

The server MUST return a byte array that contains the status. The value used MUST be one of the following.

 Value

 Meaning

CA_DISP_INCOMPLETE (0x00)

The signing certificate is incomplete.

CA_DISP_ERROR (0x01)

The signing certificate is unavailable.

CA_DISP_REVOKED (0x02)

The signing certificate has been revoked.

CA_DISP_VALID (0x03)

The signing certificate is valid.

CA_DISP_INVALID (0x04)

The signing certificate has expired.

The CA MUST return the byte array in a CERTTRANSBLOB (section 2.2.2.2) structure. The first byte MUST identify the status of the signing certificate in row 1 of the Signing_Cert table, and the second byte MUST identify the status of the signing certificate in the second row of the Signing_Cert table. Subsequent bytes MUST repeat this pattern so that byte n MUST contain the disposition of the signing certificate in row n.