2.2.2.21 ValidateCert

The ValidateCert command is used by the client to validate a certificate that has been received via an S/MIME mail.

To validate a certificate, the server MUST verify that the certificate has not expired and has not been revoked. The server MUST walk up the certificate chain, verifying that each intermediate CA certificate has not expired and has not been revoked and that the root certificate is a trusted certification authority (CA). Certificate validation is particularly important for verifying signatures (for example, on S/MIME signed mail). The validation details are not within the scope of this protocol.

The ValidateCert namespace is the primary namespace for this section. Elements referenced in this section that are not defined in the ValidateCert namespace use the namespace prefixes defined in section 2.2.1.

The following table lists the elements that are used in ValidateCert command requests and responses.

Element name

Scope

Reference

ValidateCert

Request and Response

section 2.2.3.184

CertificateChain

Request

section 2.2.3.20

Certificate

Request and Response

section 2.2.3.19.2

Certificates

Request

section 2.2.3.23.2

CheckCRL

Request

section 2.2.3.26

Status

Response

section 2.2.3.166.17

The XML schema for the ValidateCert command request is described in section 6.44. The XML schema for the ValidateCert command response is described in section 6.45.

Protocol Versions

The following table specifies the protocol versions that support this command. The client indicates the protocol version being used by setting either the MS-ASProtocolVersion header, as specified in [MS-ASHTTP] section 2.2.1.1.2.4, or the Protocol version field, as specified in [MS-ASHTTP] section 2.2.1.1.1.1, in the request.

Protocol version

Command support

2.5

X

12.0

X

12.1

X

14.0

X

14.1

X

16.0

X

Show: