Building and Maintaining a Certificate Revocation List

Verifying each certificate against the CA programmatically is not always practical. First, you are not likely to have the administrative privileges necessary to use the CertAdmin object. Second, not all CAs run Microsoft's Certificate Server. If either of these conditions exists, you have a problem: if you don't verify a certificate you receive against the CA, you have no way of knowing whether the certificate is still valid or has been revoked.

Another approach to this problem is to use Certificate Revocation Lists (CRLs). Every CA publishes a CRL listing every certificate it has issued that has been revoked. These ...
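A check of a certificate serial number against a CA's CRL, as an added example that is not code from the book: it is written in Python with the third-party `cryptography` package rather than Visual Basic, and the CA name, key, dates and serial numbers are all constructed. The CRL is trusted only if the CA's signature verifies and the list has not passed its next-update time.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc
ISSUED = dt.datetime(2024, 1, 1, tzinfo=UTC)  # constructed publication time
ISSUER = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])  # constructed

def build_crl(ca_key, revoked_serials, lifetime=dt.timedelta(days=7)):
    """Constructed stand-in for the signed CRL a CA would publish."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ISSUER).last_update(ISSUED).next_update(ISSUED + lifetime))
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial).revocation_date(ISSUED).build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256())

def check_revocation(crl, ca_public_key, serial, now):
    """Return 'revoked', 'good', or 'unknown' when the CRL itself cannot be trusted."""
    # A CRL is only evidence if this CA signed it; otherwise anyone could
    # substitute an empty list.
    if crl.issuer != ISSUER or not crl.is_signature_valid(ca_public_key):
        return "unknown"
    # next_update_utc exists in newer releases of the package; older ones
    # expose a naive UTC next_update instead.
    if hasattr(crl, "next_update_utc"):
        next_update = crl.next_update_utc
    else:
        next_update = crl.next_update.replace(tzinfo=UTC)
    if now > next_update:
        return "unknown"  # stale list: later revocations are not visible in it
    hit = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if hit is not None else "good"

CA_KEY = ec.generate_private_key(ec.SECP256R1())            # constructed CA key
CRL = build_crl(CA_KEY, revoked_serials=[0x1001, 0x1002])   # constructed serials

if __name__ == "__main__":
    today = ISSUED + dt.timedelta(days=1)
    for s in (0x1001, 0x2001):
        print(hex(s), check_revocation(CRL, CA_KEY.public_key(), s, today))
```

A caller that receives `unknown` should fetch a fresh CRL or reject the certificate rather than treat it as valid.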
