CheckRevocationStatus Method is used to check the revocation status of a Certificate.
Clients or Servers may use this Method if the issuer Certificate has a crlDistributionPoint extension, an authorityInformationAccess extension (see RFC 6960) or the TrustList is configured to require online Certificate revocation checks (see 7.8.2.1).
The CertificateManager will typically use a protocol such as OCSP (see RFC 6960) to verify the Certificate status using the endpoint in the CDP extension; however, it may also optimize performance by maintaining a cache of recently verified Certificates and/or maintaining its own offline CRLs. The validityTime parameter provides guidance on how long a result can be kept in a local cache.
The caller shall perform all validation checks other than the revocation status check (see OPC 10000-4) on the Certificate before calling this Method. The CertificateManager shall check the Signature on the Certificate and may do additional validation.
This Method shall be called from an authenticated SecureChannel.
Signature
CheckRevocationStatus (
[in] ByteString certificate
[out] StatusCode certificateStatus
[out] UtcTime validityTime
);
| Argument | Description |
| --- | --- |
| INPUTS | |
| certificate | The DER encoded form of the Certificate to check. |
| OUTPUTS | |
| certificateStatus | The first error encountered when validating the Certificate. |
| validityTime | When the result expires and should be rechecked. DateTime.MinValue if this is unknown. |
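The caching guidance for validityTime can be applied on the caller's side as well. The following is an added example, not part of the specification or of any OPC UA stack: `call_method` is a hypothetical callable that wraps the stack's CheckRevocationStatus call, and the mapping of DateTime.MinValue to a Python `datetime` of 1601-01-01 UTC is an assumption about the stack in use.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# OPC UA DateTime.MinValue (1601-01-01 UTC); assumed to be how the stack in use
# surfaces an unknown validityTime.
UA_MIN_DATETIME = datetime(1601, 1, 1, tzinfo=timezone.utc)

def is_good(status_code: int) -> bool:
    """StatusCode severity is the top two bits; 00 means Good."""
    return (status_code & 0xC0000000) == 0

class RevocationCache:
    """Keeps each CheckRevocationStatus result until its validityTime passes."""

    def __init__(self, call_method, now=lambda: datetime.now(timezone.utc)):
        # call_method is hypothetical: DER bytes -> (certificateStatus, validityTime),
        # invoked over an authenticated SecureChannel by the caller's stack.
        self._call = call_method
        self._now = now
        self._entries = {}  # SHA-256 of the DER bytes -> (status, validityTime)

    def status(self, der: bytes) -> int:
        key = hashlib.sha256(der).digest()
        hit = self._entries.get(key)
        if hit is not None and self._now() < hit[1]:
            return hit[0]  # still inside the validity window
        status, validity = self._call(der)
        if validity != UA_MIN_DATETIME and validity > self._now():
            self._entries[key] = (status, validity)  # Good and Bad results alike
        else:
            self._entries.pop(key, None)  # expiry unknown or past: ask again next time
        return status

    def is_acceptable(self, der: bytes) -> bool:
        # Anything other than Good severity (Uncertain or Bad) is rejected.
        return is_good(self.status(der))

if __name__ == "__main__":
    # Constructed stand-in for the Method: Good, valid for ten minutes.
    def stub(der):
        return 0x00000000, datetime.now(timezone.utc) + timedelta(minutes=10)
    cache = RevocationCache(stub)
    print(cache.is_acceptable(b"constructed-der-bytes"))
```

The other validation checks still have to run on the Certificate before `status` is called; the cache only covers the revocation result.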
Method Result Codes (defined in Call Service)
| Result Code | Description |
| --- | --- |
| Bad_UserAccessDenied | The current user does not have the rights required. |
Table 60 specifies the AddressSpace representation for the CheckRevocationStatus Method.
Table 60 – CheckRevocationStatus Method AddressSpace Definition
| Attribute | Value | | | | |
| --- | --- | --- | --- | --- | --- |
| BrowseName | 2:CheckRevocationStatus | | | | |
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |