3.2.1.4.3.2.19 PropID = 0x00000013 (CR_PROP_CACERTSTATE) "CA Signing Certificates State"
The client has requested the disposition status of all CA signing certificates.
If the server implements the Signing_Cert Table, it MUST validate all the signing certificates stored in the Signing_Cert_Certificate column.
The server MUST return a byte array that contains the status. The value used MUST be one of the following.
|
Value |
Meaning |
|---|---|
|
CA_DISP_INCOMPLETE (0x00) |
The signing certificate is incomplete. |
|
CA_DISP_ERROR (0x01) |
The signing certificate is unavailable. |
|
CA_DISP_REVOKED (0x02) |
The signing certificate has been revoked. |
|
CA_DISP_VALID (0x03) |
The signing certificate is valid. |
|
CA_DISP_INVALID (0x04) |
The signing certificate has expired. |
The CA MUST return the byte array in a CERTTRANSBLOB (section 2.2.2.2) structure. The first byte MUST identify the status of the signing certificate in row 1 of the Signing_Cert table, and the second byte MUST identify the status of the signing certificate in the second row of the Signing_Cert table. Subsequent bytes MUST repeat this pattern so that byte n MUST contain the disposition of the signing certificate in row n.