2.2.1.22 ValidateCert

The ValidateCert command is used by the client to validate a certificate that has been received via an S/MIME mail.

To validate a certificate, the server MUST verify that the certificate has not expired and has not been revoked. The server MUST walk up the certificate chain, verifying that each intermediate CA certificate has not expired and has not been revoked and that the root certificate is a trusted certification authority (CA). Certificate validation is particularly important for verifying signatures (for example, on S/MIME signed mail). The validation details are not within the scope of this protocol.
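The checks named in the paragraph above (expiry, revocation, walking up to a trusted root), as an added example that is not part of the specification or of any server implementation. The `Cert` model, the `validate_chain` function, and the sample chain are constructed for illustration; signature verification and real X.509 parsing are omitted, so a production server would delegate to its platform's certificate library.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed X.509 certificate (no real crypto)."""
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def validate_chain(leaf, intermediates, trusted_roots, revoked, now):
    """Walk leaf -> issuers -> root and return (ok, reason), failing closed.

    trusted_roots maps subject -> Cert; revoked is a set of (issuer, serial).
    """
    by_subject = {c.subject: c for c in intermediates}
    current, seen = leaf, set()
    while True:
        if current.subject in seen:  # guard against circular issuer references
            return False, "chain loops"
        seen.add(current.subject)
        if not current.not_before <= now <= current.not_after:
            return False, f"outside validity period: {current.subject}"
        if (current.issuer, current.serial) in revoked:
            return False, f"revoked: {current.subject}"
        if trusted_roots.get(current.subject) == current:
            return True, "chain ends at a trusted root"
        if current.issuer == current.subject:
            return False, f"self-signed but not trusted: {current.subject}"
        # Prefer the local trust store over certificates supplied by the sender.
        current = trusted_roots.get(current.issuer) or by_subject.get(current.issuer)
        if current is None:
            return False, "issuer certificate not available"

def utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

# Constructed sample chain: root -> issuing CA -> S/MIME signer.
ROOT = Cert("CN=Example Root", "CN=Example Root", 1, utc(2015), utc(2040))
INTER = Cert("CN=Example Issuing CA", "CN=Example Root", 2, utc(2020), utc(2030))
LEAF = Cert("CN=alice@example.test", "CN=Example Issuing CA", 3, utc(2024), utc(2027))
ROOTS = {ROOT.subject: ROOT}
NOW = utc(2025)

if __name__ == "__main__":
    print(validate_chain(LEAF, [INTER], ROOTS, set(), NOW))
    print(validate_chain(LEAF, [INTER], ROOTS, {("CN=Example Root", 2)}, NOW))
```

Every failure path returns a rejection rather than falling through, so a missing issuer or an untrusted self-signed root never validates by default.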

The ValidateCert namespace is the primary namespace for this section. Elements referenced in this section that are not defined in the ValidateCert namespace use the namespace prefixes defined in section 2.2.4.

The following table lists the elements that are used in ValidateCert command requests and responses.

| Element name | Scope | Reference |
| --- | --- | --- |
| ValidateCert | Request and Response | section 2.2.3.195 |
| CertificateChain | Request | section 2.2.3.20 |
| Certificate | Request and Response | section 2.2.3.19.2 |
| Certificates | Request | section 2.2.3.23.2 |
| CheckCRL | Request | section 2.2.3.26 |
| Status | Response | section 2.2.3.177.18 |

The XML schema for the ValidateCert command request is described in section 6.47. The XML schema for the ValidateCert command response is described in section 6.48.

Protocol Versions

The following table specifies the protocol versions that support this command. The client indicates the protocol version being used by setting either the MS-ASProtocolVersion header, as specified in [MS-ASHTTP] section 2.2.1.1.2.6, or the Protocol version field, as specified in [MS-ASHTTP] section 2.2.1.1.1.1, in the request.

| Protocol version | Command support |
| --- | --- |
| 2.5 | Yes |
| 12.0 | Yes |
| 12.1 | Yes |
| 14.0 | Yes |
| 14.1 | Yes |
| 16.0 | Yes |
| 16.1 | Yes |