IKEEXT_CERTIFICATE_AUTHENTICATION0 (Compact 7)

3/12/2014

This structure is used to specify various parameters for authentication with certificates.

Syntax

typedef struct IKEEXT_CERTIFICATE_AUTHENTICATION0_ {
  IKEEXT_CERT_CONFIG_TYPE inboundConfigType;
  union {
    struct {
      UINT32 inboundRootArraySize;
      IKEEXT_CERT_ROOT_CONFIG0* inboundRootArray;
    };
    IKEEXT_CERT_ROOT_CONFIG0* inboundEnterpriseStoreConfig;
    IKEEXT_CERT_ROOT_CONFIG0* inboundTrustedRootStoreConfig;
  };
  IKEEXT_CERT_CONFIG_TYPE outboundConfigType;
  union {
    struct {
      UINT32 outboundRootArraySize;
      IKEEXT_CERT_ROOT_CONFIG0* outboundRootArray;
    };
    IKEEXT_CERT_ROOT_CONFIG0* outboundEnterpriseStoreConfig;
    IKEEXT_CERT_ROOT_CONFIG0* outboundTrustedRootStoreConfig;
  };
  UINT32 flags;
} IKEEXT_CERTIFICATE_AUTHENTICATION0;

Members

  • inboundConfigType
    Certificate configuration type for inbound peer certificate verification.

    See topic IKEEXT_CERT_CONFIG_TYPE for more information.

  • inboundRootArraySize
    Number of elements in the inboundRootArray member.

    Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.

  • inboundRootArray
    Explicit trust list for verifying the peer certificate chain.

    Available when inboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.

    See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.

  • inboundEnterpriseStoreConfig
    Enterprise store configuration for verifying the peer certificate chain.

    Available when inboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.

    See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.

  • inboundTrustedRootStoreConfig
    Trusted root store configuration for verifying the peer certificate chain.

    Available when inboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.

    See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.

  • outboundConfigType
    Certificate configuration type for outbound local certificate verification.

    See topic IKEEXT_CERT_CONFIG_TYPE for more information.

  • outboundRootArraySize
    Number of elements in the outboundRootArray member.

    Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.

  • outboundRootArray
    Explicit trust list for selecting a certificate chain to send to the peer.

    Available when outboundConfigType is IKEEXT_CERT_CONFIG_EXPLICIT_TRUST_LIST.

    See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.

  • outboundEnterpriseStoreConfig
    Enterprise store configuration for selecting the certificate chain.

    Available when outboundConfigType is IKEEXT_CERT_CONFIG_ENTERPRISE_STORE.

    See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.

  • outboundTrustedRootStoreConfig
    Trusted root store configuration for selecting the certificate chain.

    Available when outboundConfigType is IKEEXT_CERT_CONFIG_TRUSTED_ROOT_STORE.

    See topic IKEEXT_CERT_ROOT_CONFIG0 for more information.

  • flags
    A combination of the values listed in the Remarks section below, which specifies the certificate authentication characteristics.

Remarks

The flags member can be a combination of the following values, which specify the certificate authentication characteristics.

IKE/AuthIP certificate authentication flags and their meanings:

  • IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK
    Disable CRL checking. By default, weak CRL checking is enabled. Weak checking means that a certificate will be rejected if and only if the CRL is successfully looked up and the certificate is found to be revoked.

  • IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG
    Enable strong CRL checking. Strong checking means that a certificate will be rejected if the certificate is found to be revoked, or if any other error (for example, the CRL could not be retrieved) takes place while performing the revocation checking.
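
The difference between the default weak checking and strong checking is what happens when the CRL cannot be retrieved. The C model below is an added example, not code from this reference page or from the Windows headers: the enum and function names and the numeric flag values are assumptions made so that it builds stand-alone, and treating both flags set together as a conflict is also an assumption, because the page does not define that combination.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values so the example builds stand-alone; real code takes them from the WFP headers. */
#define IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK  0x00000002u
#define IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG 0x00000004u

typedef enum { CRL_MODE_WEAK, CRL_MODE_STRONG, CRL_MODE_DISABLED, CRL_MODE_CONFLICT } crl_mode;
typedef enum { REV_GOOD, REV_REVOKED, REV_LOOKUP_FAILED } rev_result;

/* Map the flags member to the revocation behaviour described in Remarks. */
crl_mode crl_mode_from_flags(uint32_t flags)
{
    int off    = (flags & IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK) != 0;
    int strong = (flags & IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG) != 0;
    if (off && strong) return CRL_MODE_CONFLICT; /* assumption: not defined on the page */
    if (off)           return CRL_MODE_DISABLED;
    if (strong)        return CRL_MODE_STRONG;
    return CRL_MODE_WEAK;                        /* default when neither flag is set */
}

/* 1 = certificate accepted, 0 = rejected, -1 = policy is ambiguous. */
int cert_accepted(uint32_t flags, rev_result r)
{
    switch (crl_mode_from_flags(flags)) {
    case CRL_MODE_DISABLED: return 1;                /* revocation is never consulted */
    case CRL_MODE_WEAK:     return r != REV_REVOKED; /* lookup failure fails open */
    case CRL_MODE_STRONG:   return r == REV_GOOD;    /* lookup failure fails closed */
    default:                return -1;
    }
}

/* Audit helper: nonzero if a failed CRL lookup does not lead to rejection. */
int policy_fails_open(uint32_t flags)
{
    return cert_accepted(flags, REV_LOOKUP_FAILED) != 0;
}

int main(void)
{
    const uint32_t policies[] = { 0, IKEEXT_CERT_AUTH_ENABLE_CRL_CHECK_STRONG,
                                  IKEEXT_CERT_AUTH_FLAG_DISABLE_CRL_CHECK };
    for (size_t i = 0; i < sizeof policies / sizeof policies[0]; i++)
        printf("flags=0x%02x good=%d revoked=%d lookup_failed=%d fails_open=%d\n",
               (unsigned)policies[i], cert_accepted(policies[i], REV_GOOD),
               cert_accepted(policies[i], REV_REVOKED),
               cert_accepted(policies[i], REV_LOOKUP_FAILED), policy_fails_open(policies[i]));
    return 0;
}
```

A policy review can use the fails_open column directly: only the strong setting rejects a certificate when the CRL distribution point is unreachable.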

Requirements

Header: fwpmu.h

See Also

Reference

WFP IKE Structures

Other Resources

Windows Filtering Platform