3.2.1.4.3.2.34 PropID = 0x00000022 (CR_PROP_CACERTSTATUSCODE) "CA Signing Certificate Status"
The client has requested the status of a particular CA signing certificate. If the PropIndex value of the request is (-1), the client has requested the status of the certificate that has the highest index in the Signing_Cert_Certificate column.
If the CA implements the Signing_Cert_Certificate column, it MUST validate the status of the requested signing certificate that is pointed to by the PropIndex parameter. It MUST also return an HRESULT value that identifies the status of the signing certificate. Otherwise, it MUST return an empty CERTTRANSBLOB (section 2.2.2.2).
If the certificate validation succeeded, the property value SHOULD be S_OK. If the certificate validation failed, the returned HRESULT value SHOULD indicate the error. Certificate validation SHOULD follow the requirements as specified in [RFC3280].
The CA MUST return the status in a CERTTRANSBLOB structure. The pb member of the structure MUST point to the returned HRESULT value in little-endian format. The cb member MUST contain the length of a LONG.
Possible values include but are not limited to those in the following table. Other common error codes are specified in [MS-ERREF].
Value |
Meaning |
Section in RFC 3280 |
---|---|---|
CRYPT_E_REVOCATION_OFFLINE (0x80092013)_ |
The revocation status cannot be checked because the revocation server is offline. |
An operational error occurred as specified in sections 3.3, 5.3.1, and 9. |
CERT_E_EXPIRED (0x800B0101) |
A required certificate is not within its validity period. |
A time validity check failed as specified in section 4.1.2.5. |
CERT_E_REVOKED (0x800B010C) |
A certificate was explicitly revoked by its issuer. |
Revocation of certificates by a CA are uniquely tracked as specified in section 5.1.2.6. |
CERT_E_CHAINING (0x800B010B) |
A certificate chain cannot be built to a trusted root authority. |
An error occurred while building name chaining, as specified in sections 4.1.2.4 and 6. |
CERT_E_UNTRUSTEDROOT (0x800B010A) |
A certificate chain was processed but terminated in a root certificate, which is not trusted by the trust provider. |
An invalid path validation results in this error as specified in section 6.2. |
CRYPT_E_NO_REVOCATION_DLL (0x80092011) |
No DLL or exported function was found to verify revocation. |
An operational error occurred as specified in sections 3.3, 5.3.1, and 9. Specifically, this error code is included to indicate that the revocation library is missing. |
CRYPT_E_NO_REVOCATION_CHECK (0x80092012) |
The revocation status for the certificate cannot be verified. |
An operational error occurred as specified in sections 3.3, 5.3.1, and 9. |