
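I have a small problem. I used a certificate authority on Windows Server 2003 and revoked a client certificate. The client certificate is in the revoked certificates. I am trying to verify this client certificate's revocation in a WinForms application on Windows Server 2003. The code is here: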

private bool VefiryCert(X509Certificate2 cert)
{
    X509Chain chain = new X509Chain();
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
    chain.ChainPolicy.RevocationMode =
         X509RevocationMode.Online;
    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 1000);
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags; // X509VerificationFlags.AllowUnknownCertificateAuthority;
    return chain.Build(cert);
}

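But this client certificate is verified as true. I am confused, where is the problem? How can I check the revocation list, which is loaded in the WinForms application and used to verify this client certificate?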

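So the problem is that I use the method VefiryCert to verify the client certificate, this certificate is in the revocation list (in the certificate authority), and the certificate is verified as TRUE.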

Can anybody help me?


1 Answer


I had a similar problem on a server. I found that calling

ServicePointManager.CheckCertificateRevocationList = true;

allowed me to see the exception

failed: System.ServiceModel.Security.SecurityNegotiationException : Could not establish trust relationship for the SSL/TLS secure channel with authority 'XXX.XXX.net'.  
----> System.Net.WebException : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.  
----> System.Security.Authentication.AuthenticationException : The remote certificate is invalid according to the validation procedure.
answered 2009-12-31T14:40:51.643
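
An added example, not code from the question or the answer: `X509VerificationFlags.AllFlags` sets every "ignore" bit, including the ones for unknown revocation status, so `Build()` can return true while `chain.ChainStatus` still lists problems. The sketch below prints each status and fails closed on revocation problems; the name `VerifyCertStrict`, the 15-second timeout and the self-signed sample certificate are assumptions, and `CertificateRequest` needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class RevocationCheckExample
{
    // Statuses that mean "revoked" or "revocation could not be determined".
    const X509ChainStatusFlags RevocationProblems =
        X509ChainStatusFlags.Revoked |
        X509ChainStatusFlags.RevocationStatusUnknown |
        X509ChainStatusFlags.OfflineRevocation;

    // Hypothetical helper: builds the chain with the given flags, prints every
    // status the chain engine reported, and fails closed on revocation problems.
    static bool VerifyCertStrict(X509Certificate2 cert, X509VerificationFlags flags)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
            chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(15);
            chain.ChainPolicy.VerificationFlags = flags;

            bool built = chain.Build(cert);
            X509ChainStatusFlags seen = X509ChainStatusFlags.NoError;
            foreach (X509ChainStatus s in chain.ChainStatus)
            {
                seen |= s.Status;
                Console.WriteLine("  {0}: {1}", s.Status, (s.StatusInformation ?? "").Trim());
            }
            Console.WriteLine("flags={0} Build()={1}", flags, built);
            return built && (seen & RevocationProblems) == 0;
        }
    }

    static void Main()
    {
        // Constructed sample input: a throwaway self-signed certificate that no
        // trust store knows, so the chain always has something to report.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
            {
                Console.WriteLine("accepted={0}", VerifyCertStrict(cert, X509VerificationFlags.AllFlags));
                Console.WriteLine("accepted={0}", VerifyCertStrict(cert, X509VerificationFlags.NoFlag));
            }
        }
    }
}
```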