Edit

CertificateStatus.CheckFlag property

  • Article

[CAPICOM is a 32-bit only component that is available for use in the following operating systems: Windows Server 2008, Windows Vista, and Windows XP. Instead, use the X509ChainStatus Structure in the System.Security.Cryptography.X509Certificates namespace.]

The CheckFlag property sets or retrieves the validity check flags for a certificate.

Syntax

CertificateStatus.CheckFlag As CAPICOM_CHECK_FLAG

Property value

A value of the CAPICOM_CHECK_FLAG enumeration that describes the validity checks for the certificate. The default value is CAPICOM_CHECK_ONLINE_ALL.

CAPICOM 2.0.0.3/2.0.0.2/2.0.0.1: The default value is CAPICOM_CHECK_SIGNATURE_VALIDITY, CAPICOM_CHECK_TIME_VALIDITY, CAPICOM_CHECK_TRUSTED_ROOT, and CAPICOM_CHECK_COMPLETE_CHAIN.

CAPICOM 2.0 and earlier: The default value is CAPICOM_CHECK_SIGNATURE_VALIDITY, CAPICOM_CHECK_TIME_VALIDITY, and CAPICOM_CHECK_TRUSTED_ROOT.

The following table shows the possible values.

Value Meaning
CAPICOM_CHECK_BASIC_CONSTRAINTS
 Checks basic constraints. Introduced in CAPICOM 2.0.
CAPICOM_CHECK_COMPLETE_CHAIN
 Checks the complete chain. Introduced in CAPICOM 2.0.
CAPICOM_CHECK_NAME_CONSTRAINTS
 Checks name constraints. Introduced in CAPICOM 2.0.
CAPICOM_CHECK_NESTED_VALIDITY_PERIOD
 Checks nested validity. Introduced in CAPICOM 2.0.
CAPICOM_CHECK_NONE
 No validity checking is done.
CAPICOM_CHECK_OFFLINE_ALL
 Checks offline all. Revocation checks are performed on all certificates in the chain except for the root certificate. Introduced in CAPICOM 2.0.
CAPICOM_CHECK_ONLINE_ALL
 Checks online all. Revocation checks are performed on all certificates in the chain except for the root certificate. Introduced in CAPICOM 2.0.
CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS
 Checks the revocation status of all certificates in the chain using only offline CRLs.
CAPICOM_CHECK_ONLINE_REVOCATION_STATUS
 Checks the revocation status of all certificates in the chain using CRLs available online. CRLs are downloaded by using the CDP extension in the certificate.
If the CRL has been downloaded and has not expired, CAPICOM uses it and does not go online.
If a CRL has not been downloaded or is out of date, CAPICOM goes online to attempt to download the CRL.
CAPICOM_CHECK_SIGNATURE_VALIDITY
 Checks for valid signatures on all certificates in the chain.
CAPICOM_CHECK_TIME_VALIDITY
 Checks the time validity of all certificates in the chain.
CAPICOM_CHECK_TRUSTED_ROOT
 Checks for a trusted root of the certificate chain.

 

Requirements

Requirement Value
End of client support
 Windows Vista
End of server support
 Windows Server 2008
Redistributable
 CAPICOM 2.0 or later on Windows Server 2003 and Windows XP
DLL
Capicom.dll