The following flags are used to specify why a certificate is invalid. These values are used by the cRLReason parameter in the functions NPKIT_VerifyCertChain, NPKIT_VerifyCertChainWithCallback, and NPKIT_VerifyCertChain.

| Value | Name | Description |
|---|---|---|
| 0x0000000 | NPKIx509CertificateValid | The certificate is valid. |
| 0x0000001 | NPKIx509Invalid_System_Error | Hardware or network problems were encountered. |
| 0x0000002 | NPKIx509Invalid_Decode_Error | There was a problem decoding the certificate. |
| 0x0000003 | NPKIx509Invalid_Subject_Issuer_Name | The subject name of the issuing certificate does not match the issuer name of the subject certificate. |
| 0x0000004 | NPKIx509Invalid_Future | The certificate's start date is in the future. |
| 0x0000005 | NPKIx509Invalid_Expired | The certificate has expired. |
| 0x0000006 | NPKIx509Invalid_Issuer_Not_CA | The issuer is not a valid CA. |
| 0x0000007 | NPKIx509Invalid_Path_Length | The X.509 basic constraints path length has been violated. |
| 0x0000008 | NPKIx509Invalid_Unknown_Critical_Extension | The certificate contains a critical extension that cannot be understood. |
| 0x0000009 | NPKIx509Invalid_KeyUsage | The key does not support the requested usage. |
| 0x000000A | NPKIx509Invalid_CRL_Decode_Error | An error occurred during the decoding of the CRL. |
| 0x000000B | NPKIx509Invalid_Certificate_On_CRL | One of the certificates in the chain is on a CRL. |
| 0x000000C | NPKIx509Invalid_Cant_Process_CDP | The certificate contains a distribution point that cannot be processed. |
| 0x000000D | NPKIx509Invalid_Cant_Read_CRL | The CRL could not be read. |
| 0x000000E | NPKIx509Invalid_Invalid_CRL | The CRL is not valid for this certificate. |
| 0x000000F | NPKIx509Invalid_Expired_CRL | The CRL has expired and a new one has not been issued. |
| 0x0000010 | NPKIx509Invalid_CRL_Issuer_Name | The issuer name of the CRL identified in the certificate does not match the issuer name in the CRL retrieved. |
| 0x0000011 | NPKIx509Invalid_Issuer_Not_Trusted | One or more of the certificates in the certificate chain does not exist in the specified trusted root container. NOTE: This error code can only be returned by a call to NPKIVerifyCertificateWithTrustedRoots, and not any of the NPKIT functions. |
| 0x0000012 | NPKIx509Invalid_CDP_Exists_Did_Not_Check_CRL | (An advisory flag.) The CDP (Certificate Distribution Point) exists, but the CRL was not checked because you requested that it not be checked. |
| 0x0000013 | NPKIx509Invalid_Invalid_Signature | The signature of the CRL is invalid. |

The following flags are used to specify why a CRL distribution point is invalid. These values are used by the reasons parameter in the function NPKIT_x509CRLDistributionPoint.