X509CheckCertInCRL Method

Check whether an X.509 certificate has been revoked in a Certificate Revocation List (CRL).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)

Syntax

public static int CheckCertInCRL(
	string certFile,
	string crlFile,
	string issuerCert,
	string dateStr
)

Public Shared Function CheckCertInCRL ( 
	certFile As String,
	crlFile As String,
	issuerCert As String,
	dateStr As String
) As Integer

Parameters

certFile String: name of X.509 certificate to be checked (or base64 representation)
crlFile String: name of CRL file
issuerCert String: (optional) with name of X.509 certificate file for the entity that issued the CRL (or base64 representation)
dateStr String: (optional) with date in ISO format (yyyy-mm-dd[Thh[:nn:ss]][Z]) on or after you wish to check for revocation. Leave empty "" for any date. The time must be in GMT (UTC, Zulu time)

Return Value

Int32
Zero if the certificate is NOT in the CRL; X509.Revoked (REVOCATION_ERROR +42) if the certificate has been revoked; otherwise a nonzero error code.

Remarks

The optional dateStr parameter allows you check whether a certificate was revoked only after the given date-time, which must be GMT (UTC). If the optional issuerCert is specified, the signature of the CRL will be checked against the key in the issuer's certificate and a SIGNATURE_ERROR will result if the signature is invalid.

Reference

X509 Class

CryptoSysPKI Namespace

VerifyCert(String, String)

CertIsValidNow(String)