Certificate verification using online CRL and C#
Hi,
I wanted to validate a digital certificate using online CRL and C#. To do the task, I use X509Certificate2 and X509Chain class. I get "RevocationStatusUnknown" as status of the code I use. CRL of the certificate is accessible using Internet Explorer. But the same is not happening through code I suppose. Is there any sort of access permissions we need to set up @ IIS level in order to access CRL through code?. Could some one please throw light on this?.
Here, the code is running on localhost from where the CRL is accessible using IE.
Following is the code I use :-
string status = "";
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(1000);
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag ;
chain.ChainPolicy.VerificationTime = DateTime.Now;
string strCertificate = Server.MapPath(".\\ThawteFreeCertificate.pfx");
X509Certificate2 Cert = new X509Certificate2(strCertificate, "123456");
chain.Build(Cert );
foreach (X509ChainStatus s in chain.ChainStatus)
{
string str = s.Status.ToString();
if (!str.Equals(""))
{
status = s.Status.ToString();
Response.Write("<br> Status :" + status);
}
}
Thanks In Advance
Ajil
|