tags:

views:

130

answers:

1

Hi, I have ASP.NET web service on windows server 2003. I have own certificate authority. I use own client certificate on authentification in web service. I make client certificate. I call web service, everything is ok. Then I revoke this certificate in certification authority. Certificate is in Revoked certificate. I call web service with this certificate, but web service verify this certificate as good, but this certificate is between revoked. I don't know why? Anybody help me please?

I use this method on verify certificate.

X509Certificate2.Verify Method

I don't get any exception, certificate is between revoked, but web service verify this certificate as good.

to klausbyskov: Thank you. So I try this :

    public void CreateUser(X509Certificate2 cert)
    {

        ServicePointManager.UseNagleAlgorithm = true;
        ServicePointManager.Expect100Continue = true;
        ServicePointManager.CheckCertificateRevocationList = true;
        ServicePointManager.DefaultConnectionLimit =    ServicePointManager.DefaultPersistentConnectionLimit;

        if (VefiryCert(cert))
        {
          //...
        }
   }

But the revoked certificate is still verify as good

A: 

Try setting the CheckCertificateRevocationList property of the ServicePointManager class to true before calling Verify().

klausbyskov