views: 150
answers: 1

Hi guys, I have a little problem. I used a certificate authority in Windows Server 2003 and revoked a client certificate. The client certificate is in the revoked certificates list. I try to verify this client certificate for revocation in a WinForms app on Windows Server 2003. Code is here:

using System;
using System.Security.Cryptography.X509Certificates;

private bool VefiryCert(X509Certificate2 cert)
{
    X509Chain chain = new X509Chain();
    chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
    chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
    chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 0, 1000);
    // AllFlags already includes AllowUnknownCertificateAuthority and the
    // Ignore*RevocationUnknown flags, so a CRL that cannot be fetched does
    // not make Build() return false.
    chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllFlags;
    return chain.Build(cert);
}

But this client certificate is verified as true. I am confused, where can the problem be? How can I check the revocation list, which is loaded in the WinForms application and used for verification of this client certificate?

So the problem is that I verify a client certificate, which is in the revoked list (in the certification authority), with the method VefiryCert, and the certificate is verified as TRUE.

Can somebody help me?
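An added example (not the asker's code and not part of any answer here) that builds the same chain with NoFlag, so an unreachable or stale CRL is not silently ignored, and reports whether the certificate was actually found revoked or its status is merely unknown; the names RevocationCheck and RevocationVerdict are chosen here.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper written for this thread; not the asker's code.
public enum RevocationVerdict { Valid, Revoked, RevocationUnknown, OtherFailure }

public static class RevocationCheck
{
    // Builds the chain with NoFlag so that "revocation status unknown" and
    // "CRL offline" are NOT ignored, then classifies what ChainStatus reports.
    public static RevocationVerdict Check(X509Certificate2 cert)
    {
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
        chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(30);
        // NoFlag: unlike AllFlags, nothing is ignored, so a CRL that cannot be
        // fetched makes Build() return false instead of passing the certificate.
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

        bool ok = chain.Build(cert);

        // Collect every status reported for the whole chain.
        X509ChainStatusFlags combined = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            combined |= status.Status;
            Console.WriteLine("{0}: {1}", status.Status, status.StatusInformation);
        }

        if (ok)
            return RevocationVerdict.Valid;
        if ((combined & X509ChainStatusFlags.Revoked) != 0)
            return RevocationVerdict.Revoked;
        if ((combined & (X509ChainStatusFlags.RevocationStatusUnknown
                       | X509ChainStatusFlags.OfflineRevocation)) != 0)
            return RevocationVerdict.RevocationUnknown;
        return RevocationVerdict.OtherFailure;
    }

    // Fail closed: anything other than a clean Valid is not accepted.
    public static bool IsAcceptable(X509Certificate2 cert)
    {
        return Check(cert) == RevocationVerdict.Valid;
    }
}
```

Note that Windows caches a downloaded CRL until its NextUpdate time, so a certificate revoked after that CRL was issued still builds as Valid until the CA publishes a new CRL and the client's cached copy is replaced (`certutil -urlcache crl delete` clears the cache on the verifying machine).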

A: 

I had a similar issue on the server. I found that a call to

ServicePointManager.CheckCertificateRevocationList = true;

allowed me to see the exception

failed: System.ServiceModel.Security.SecurityNegotiationException : Could not establish trust relationship for the SSL/TLS secure channel with authority 'XXX.XXX.net'.  
----> System.Net.WebException : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.  
----> System.Security.Authentication.AuthenticationException : The remote certificate is invalid according to the validation procedure.
David