Export (0) Print
Expand All

CertificateStatus.CheckFlag property

[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, and Windows XP. Instead, use the X509ChainStatus Structure in the System.Security.Cryptography.X509Certificates namespace.]

The CheckFlag property sets or retrieves the validity check flags for a certificate.

Syntax


CertificateStatus.CheckFlag As CAPICOM_CHECK_FLAG

Property value

A value of the CAPICOM_CHECK_FLAG enumeration that describes the validity checks for the certificate. The default value is CAPICOM_CHECK_ONLINE_ALL.

CAPICOM 2.0.0.3/2.0.0.2/2.0.0.1:  The default value is CAPICOM_CHECK_SIGNATURE_VALIDITY, CAPICOM_CHECK_TIME_VALIDITY, CAPICOM_CHECK_TRUSTED_ROOT, and CAPICOM_CHECK_COMPLETE_CHAIN.

CAPICOM 2.0 and earlier:  The default value is CAPICOM_CHECK_SIGNATURE_VALIDITY, CAPICOM_CHECK_TIME_VALIDITY, and CAPICOM_CHECK_TRUSTED_ROOT.

The following table shows the possible values.

ValueMeaning
CAPICOM_CHECK_BASIC_CONSTRAINTS

Checks basic constraints. Introduced in CAPICOM 2.0.

CAPICOM_CHECK_COMPLETE_CHAIN

Checks the complete chain. Introduced in CAPICOM 2.0.

CAPICOM_CHECK_NAME_CONSTRAINTS

Checks name constraints. Introduced in CAPICOM 2.0.

CAPICOM_CHECK_NESTED_VALIDITY_PERIOD

Checks nested validity. Introduced in CAPICOM 2.0.

CAPICOM_CHECK_NONE

No validity checking is done.

CAPICOM_CHECK_OFFLINE_ALL

Checks offline all. Revocation checks are performed on all certificates in the chain except for the root certificate. Introduced in CAPICOM 2.0.

CAPICOM_CHECK_ONLINE_ALL

Checks online all. Revocation checks are performed on all certificates in the chain except for the root certificate. Introduced in CAPICOM 2.0.

CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS

Checks the revocation status of all certificates in the chain using only offline CRLs.

CAPICOM_CHECK_ONLINE_REVOCATION_STATUS

Checks the revocation status of all certificates in the chain using CRLs available online. CRLs are downloaded by using the CDP extension in the certificate.

If the CRL has been downloaded and has not expired, CAPICOM uses it and does not go online.

If a CRL has not been downloaded or is out of date, CAPICOM goes online to attempt to download the CRL.

CAPICOM_CHECK_SIGNATURE_VALIDITY

Checks for valid signatures on all certificates in the chain.

CAPICOM_CHECK_TIME_VALIDITY

Checks the time validity of all certificates in the chain.

CAPICOM_CHECK_TRUSTED_ROOT

Checks for a trusted root of the certificate chain.

 

Requirements

End of client support

Windows Vista

End of server support

Windows Server 2008

Redistributable

CAPICOM 2.0 or later on Windows Server 2003 and Windows XP

DLL

Capicom.dll

 

 

Community Additions

ADD
Show:
© 2014 Microsoft