[xmlsec] certificate chain verification

Aleksey Sanin aleksey at aleksey.com
Mon Jun 27 13:04:45 PDT 2011


mscrypto searches trusted certificates in the following order:
1) Key manager
2) Logged-in/current user crypro store
3) System crypto store

So answers to your questions are:
a) no
b) yes
3) yes

Aleksey


On 6/27/11 12:39 PM, EdShallow wrote:
>
> Does mscrypto check the certificate chain on a verify?
> a) - does the keysmngr have to be loaded with the trusted der-encoded 
> certs?
> b) - if the trusted certs are already in the MS crypto store, does 
> this avoid having to loaded the trusted certs in the keysmngr?
> c) - Wil mscrypto throw a verify error if neither a) nor b) is performed?
> Ed
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110627/e9582ea5/attachment.html>


More information about the xmlsec mailing list