
Using Certutil.exe to verify Certificates Revocation Status using OCSP on Windows Ser

Hi everyone!

I have a requirement where I need to verify the Revocation Status of a Certificate against a CRL issued from the Certificate Authority. This can be done in real time using OCSP by utilizing the command

"Certutil.exe -verify -urlfetch Certificatepath".

This works well on Windows 7 and Windows Server 2008 R2.

But when we try the same command on Windows Server 2003, the command never returns the status and shows the error below

" The signature of the certificate can not be verified. 0x80096004 (-2146869244)
------------------------------------
CertUtil: -verify command FAILED: 0x80096004 (-2146869244)
CertUtil: The signature of the certificate can not be verified. "

Below is the complete output from the command

Issuer:
CN=<Certification Authority>
OU=<Certification Authorities>
O=Test LLC.
C=US
Subject:
CN=TestCert-valid
OU=Development
O=Test
L=Minneapolis
S=Minnesota
C=US
Cert Serial Number: 2585178a00000000000a

dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)

CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000048
Issuer: CN=Test Issuing Certification Authority, OU=Test Certification Authorities, O=Test LLC., C=US
Subject: CN=TestSuite1-valid, OU=Development, O=Test, L=Minneapolis, S=Minnesota, C=US
Serial: 2585178a00000000000a
Template: 1.3.6.1.4.1.311.21.8.9714767.7847860.16731308.5494 905.11126283.253.11707544.14004296
8a 98 d5 b6 5d 51 39 bc 62 d6 31 41 5c d9 88 78 f9 cf 0b 32
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Wrong Issuer "Certificate (0)" Time: 0
[0.0] http://pki.Test.net/repository/STestCA.crt

---------------- Certificate CDP ----------------
Wrong Issuer "Base CRL (108)" Time: 0
[0.0] http://pki.Test.net/repository/STestCA.crl

--------------------------------
Issuance[0] = 1.3.6.1.4.1.37583.509.50.1.3
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication

CertContext[0][1]: dwInfoStatus=2 dwErrorStatus=1000048
Issuer: CN=Test Root Certification Authority, OU=Test Certification Authories, O=Test LLC., C=US
Subject: CN=Test Issuing Certification Authority, OU=Test Certification Authorities, O=Test LLC., C=US
Serial: 11000000086125600ee5b47c13000000000008
e7 03 84 0d 47 02 1f 18 06 98 28 81 47 9e 70 58 8c 4d 49 cb
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Wrong Issuer "Certificate (0)" Time: 0
[0.0] http://pki.Test.net/repository/SSRootCA.crt

---------------- Certificate CDP ----------------
Wrong Issuer "Base CRL (3)" Time: 0
[0.0] http://pki.Test.net/repository/SSRootCA.crl

--------------------------------

CertContext[0][2]: dwInfoStatus=c dwErrorStatus=28
Issuer: CN=Test Root Certification Authority, OU=Test Certification Authories, O=Test LLC., C=US
Subject: CN=Test Root Certification Authority, OU=Test Certification Authories, O=Test LLC., C=US
Serial: 2f9f5fef8094d4ae47303ae9b0c4acf3
f4 a0 8d ce 8c 1f 46 78 e0 0a ee 18 02 66 83 a2 5b 9c 71 a3
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwErrorStatus = CERT_TRUST_IS_NOT_SIGNATURE_VALID (0x8)
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
No URLs "None" Time: 0
--------------------------------

Exclude leaf cert:
5d 9f a6 3d 01 5a dc 72 9a 2e 37 33 f3 78 ff 81 22 ef 68 f9
Full chain:
4d a4 62 39 07 85 bd c5 7f eb 64 ac ed 64 03 1e 1b 51 d5 96
Issuer: CN=Test Issuing Certification Authority, OU=Test Certification Authorities, O=Test LLC., C=US
Subject: CN=TestSuite1-valid, OU=Development, O=Test, L=Minneapolis, S=Minnesota, C=US
Serial: 2585178a00000000000a
Template: 1.3.6.1.4.1.311.21.8.9714767.7847860.16731308.5494 905.11126283.253.11707544.14004296
8a 98 d5 b6 5d 51 39 bc 62 d6 31 41 5c d9 88 78 f9 cf 0b 32
The signature of the certificate can not be verified. 0x80096004 (-2146869244)
------------------------------------
CertUtil: -verify command FAILED: 0x80096004 (-2146869244)
CertUtil: The signature of the certificate can not be verified.

If anyone knows how to use the Certutil command line tool on Windows Server 2003 to verify the certificate revocation status using OCSP, please help.

Any help is greatly appreciated.

Thanks a lot in advance.

Vinay
May 31 '13 #1
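
As an added example (not part of the original post, and not Microsoft's code): a small Python parser that decodes the hexadecimal dwErrorStatus on each CertContext line of a certutil -verify dump into CERT_TRUST_* names and lists the chain elements whose signature check failed. The sample input is abbreviated from the dump in the post; the function names are hypothetical.

```python
import re

# CERT_TRUST_* error bits from wincrypt.h (subset, includes every bit in the dump).
ERROR_BITS = {
    0x00000001: "CERT_TRUST_IS_NOT_TIME_VALID",
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000008: "CERT_TRUST_IS_NOT_SIGNATURE_VALID",
    0x00000020: "CERT_TRUST_IS_UNTRUSTED_ROOT",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x01000000: "CERT_TRUST_IS_OFFLINE_REVOCATION",
}
KNOWN = sum(ERROR_BITS)  # bits are distinct, so the sum equals their OR

HEADER = re.compile(r"CertContext\[(\d+)\]\[(\d+)\]:\s*dwInfoStatus=([0-9a-fA-F]+)"
                    r"\s+dwErrorStatus=([0-9a-fA-F]+)")
SUBJECT = re.compile(r"^\s*Subject:\s*(.+)$")

def decode_error_status(value):
    """Return the flag names set in a dwErrorStatus value, lowest bit first."""
    names = [name for bit, name in sorted(ERROR_BITS.items()) if value & bit]
    if value & ~KNOWN:
        names.append("UNKNOWN_BITS_0x%x" % (value & ~KNOWN))
    return names

def parse_chain(text):
    """Collect one record per CertContext element: index, subject, decoded flags."""
    elements = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:  # certutil prints the status without a 0x prefix, but it is hex
            elements.append({"index": int(m.group(2)), "subject": None,
                             "flags": decode_error_status(int(m.group(4), 16))})
            continue
        s = SUBJECT.match(line)
        if s and elements and elements[-1]["subject"] is None:
            elements[-1]["subject"] = s.group(1).strip()
    return elements

def signature_failures(elements):
    """Subjects of every element flagged CERT_TRUST_IS_NOT_SIGNATURE_VALID."""
    return [e["subject"] for e in elements
            if "CERT_TRUST_IS_NOT_SIGNATURE_VALID" in e["flags"]]

# Abbreviated from the dump in the post (distinguished names shortened).
SAMPLE = """CertContext[0][0]: dwInfoStatus=2 dwErrorStatus=1000048
  Subject: CN=TestSuite1-valid
CertContext[0][1]: dwInfoStatus=2 dwErrorStatus=1000048
  Subject: CN=Test Issuing Certification Authority
CertContext[0][2]: dwInfoStatus=c dwErrorStatus=28
  Subject: CN=Test Root Certification Authority
"""

if __name__ == "__main__":
    for e in parse_chain(SAMPLE):
        print(e["index"], e["subject"], e["flags"])
```

In this dump every element, including the self-signed root, carries CERT_TRUST_IS_NOT_SIGNATURE_VALID, so the revocation flags on the leaf and issuing CA report a check that never produced an answer rather than a revoked certificate.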