3.2.1.4.3.2.39 PropID = 0x00000027 (CR_PROP_CACERTVERSION) "CA Signing Certificates Revisions"
The client has requested the revisions of the CA signing certificate. If the server implements the Signing_Cert table, it MUST return a ULONG array that identifies the revisions of its signing certificates, as specified below. Otherwise, the server MUST return an empty CERTTRANSBLOB structure.
The CA MUST return the array in a CERTTRANSBLOB (section 2.2.2.2) structure. Each ULONG value in the returned array MUST contain version information for a signing certificate in little-endian format. The upper 16 bits MUST contain a zero-based key index, and the lower 16 bits MUST contain a zero-based certificate index.
Example: The CA has renewed its certificates in the following manner:
Certificate_0 contains the original key.
Certificate_1 is created by renewing Certificate_0 with a new key.
Certificate_2 is created by renewing Certificate_1 with the key used to create Certificate_1.
Certificate_3 is created by renewing Certificate_2 with the key used to create Certificate_1.
Certificate_4 is created by renewing Certificate_3 with the key used to create Certificate_1.
Certificate_5 is created by renewing Certificate_4 with a new key.
Certificate_6 is created by renewing Certificate_5 with the key used to create Certificate_5.
Certificate_7 is created by renewing Certificate_6 with the key used to create Certificate_5.
Certificate_8 is created by renewing Certificate_7 with a new key.
This renewal pattern leads to the following ULONG array.
Index | ULONG | Key index | Certificate index |
---|---|---|---|
0 | 0x00000000 | 0000 | 0000 |
1 | 0x00010001 | 0001 | 0001 |
2 | 0x00010002 | 0001 | 0002 |
3 | 0x00010003 | 0001 | 0003 |
4 | 0x00010004 | 0001 | 0004 |
5 | 0x00050005 | 0005 | 0005 |
6 | 0x00050006 | 0005 | 0006 |
7 | 0x00050007 | 0005 | 0007 |
8 | 0x00080008 | 0008 | 0008 |
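The following added example (not part of the specification) decodes the little-endian ULONG array carried in the CERTTRANSBLOB payload, splits each value into key index and certificate index, and groups certificates by the key they share, which is what an auditor needs when scoping a CA key rollover or compromise. The function names are hypothetical, the sample bytes are constructed from the table above, and the consistency rules in `check_revisions` are an assumption inferred from that table rather than a requirement stated in the text.

```python
import struct
from collections import defaultdict

def decode_ca_cert_versions(pb: bytes):
    """Decode the blob payload into a list of (key_index, cert_index) pairs."""
    if len(pb) % 4:
        raise ValueError("payload length is not a multiple of 4 bytes")
    # Each ULONG is little-endian: upper 16 bits = key index, lower 16 = cert index.
    return [(v >> 16, v & 0xFFFF) for (v,) in struct.iter_unpack("<I", pb)]

def check_revisions(revisions):
    """Report entries that break the pattern seen in the example table.

    Assumption (inferred from the table, not a MUST in the text):
    the certificate index equals the array position, and the key index is
    either the certificate's own index (new key) or the previous entry's
    key index (key reused on renewal).
    """
    problems = []
    prev_key = None
    for pos, (key, cert) in enumerate(revisions):
        if cert != pos:
            problems.append(f"entry {pos}: certificate index {cert} != position")
        if key != cert and key != prev_key:
            problems.append(f"entry {pos}: key index {key} is neither new nor reused")
        prev_key = key
    return problems

def certs_by_key(revisions):
    """Map each key index to the certificate indexes issued with that key."""
    groups = defaultdict(list)
    for key, cert in revisions:
        groups[key].append(cert)
    return dict(groups)

# Constructed sample: the nine ULONG values from the table, packed little-endian.
SAMPLE_VALUES = [0x00000000, 0x00010001, 0x00010002, 0x00010003, 0x00010004,
                 0x00050005, 0x00050006, 0x00050007, 0x00080008]
SAMPLE_PB = struct.pack("<9I", *SAMPLE_VALUES)

if __name__ == "__main__":
    revs = decode_ca_cert_versions(SAMPLE_PB)
    for key, certs in certs_by_key(revs).items():
        print(f"key {key}: certificates {certs}")
    print("problems:", check_revisions(revs) or "none")
```

An empty payload decodes to an empty list, matching the case where the server returns an empty CERTTRANSBLOB.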