The following section describes the certificate invalidity reason flags:
The following flags specify why a certificate may be invalid. They are used with the cRLReason field in the function NPKIVerifyCertificateWithTrustedRoots.
Value | Name | Description |
---|---|---|
0x0000000 | NPKIx509CertificateValid | The certificate is valid. |
0x0000001 | NPKIx509Invalid_System_Error | The system is unstable and should be rebooted. |
0x0000002 | NPKIx509Invalid_Decode_Error | There was an ASN1 decoding problem. |
0x0000003 | NPKIx509Invalid_Subject_Issuer_Name | The subject name of the issuing certificate does not match the issuer name of the subject certificate. |
0x0000004 | NPKIx509Invalid_Future | The start date is in the future. |
0x0000005 | NPKIx509Invalid_Expired | The end date is in the past. |
0x0000006 | NPKIx509Invalid_Issuer_Not_CA | The issuer is not a valid CA. |
0x0000007 | NPKIx509Invalid_Path_Length | The X.509 basic constraints extension path length has been violated. |
0x0000008 | NPKIx509Invalid_Unknown_Critical_Extension | There was a critical extension that could not be understood. |
0x0000009 | NPKIx509Invalid_KeyUsage | The key does not support the requested usage. |
0x000000A | NPKIx509Invalid_CRL_Decode_Error | An error occurred during the decoding of the certificate revocation list (CRL). |
0x000000B | NPKIx509Invalid_Certificate_On_CRL | One of the certificates in the chain is on a CRL. |
0x000000C | NPKIx509Invalid_Cant_Process_CDP | The certificate contained a distribution point that cannot be processed. |
0x000000D | NPKIx509Invalid_Cant_Read_CRL | The CRL could not be read. |
0x000000E | NPKIx509Invalid_Invalid_CRL | The CRL was not valid for this certificate. |
0x000000F | NPKIx509Invalid_Expired_CRL | The CRL has expired. |
0x0000010 | NPKIx509Invalid_CRL_Issuer_Name | The issuer name of the CRL identified in the certificate does not match the issuer name in the actual CRL retrieved. |
0x0000011 | NPKIx509Invalid_Issuer_Not_Trusted | Indicates that one or more of the certificates in the certificate chain does not exist in the specified trusted root container. This error code can only be returned by a call to NPKIVerifyCertificateWithTrustedRoots. |
0x0000012 | NPKIx509Invalid_CDP_Exists_Did_Not_Check_CRL | This is an advisory flag. The Certificate Distribution Point (CDP) exists but the CRL was not checked because the caller of the function requested that it not be checked. |
0x0000013 | NPKIx509Invalid_Invalid_Signature | The signature on the CRL is invalid. |