The CheckRevocationStatus Method is used to check the revocation status of a Certificate.

Clients or Servers may use this Method if the issuer Certificate has a crlDistributionPoint extension, an authorityInformationAccess extension (see RFC 6960) or the TrustList is configured to require online Certificate revocation checks (see 7.8.2.1).

The CertificateManager will typically use a protocol such as OCSP (see RFC 6960) to verify the Certificate status using the endpoint in the CDP extension. However, it may also optimize performance by maintaining a cache of recently verified Certificates and/or maintaining its own offline CRLs. The validityTime parameter provides guidance on how long a result can be kept in a local cache.

The caller shall perform all validation checks other than the revocation status check (see OPC 10000-4) on the Certificate before calling this Method. The CertificateManager shall check the Signature on the Certificate and may do additional validation.

This Method shall be called from an authenticated SecureChannel.

Signature

CheckRevocationStatus (
    [in]  ByteString certificate
    [out] StatusCode certificateStatus
    [out] UtcTime    validityTime
);

| Argument | Description |
|---|---|
| INPUTS | |
| certificate | The DER encoded form of the Certificate to check. |
| OUTPUTS | |
| certificateStatus | The first error encountered when validating the Certificate. |
| validityTime | When the result expires and should be rechecked. DateTime.MinValue if this is unknown. |

Method Result Codes (defined in Call Service)

| Result Code | Description |
|---|---|
| Bad_UserAccessDenied | The current user does not have the rights required. |
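The following is an added example, not part of the specification: a caller-side cache that honours validityTime, treats DateTime.MinValue as "do not cache", and rejects the Certificate when the status is not Good or the call fails. The `check_revocation_status` callable is a hypothetical wrapper around the Method call on an authenticated SecureChannel, and rejecting on a failed call is a policy choice of this example.

```python
import hashlib
from datetime import datetime, timezone

# OPC UA DateTime.MinValue (1601-01-01 UTC): validityTime is unknown.
DATETIME_MIN = datetime(1601, 1, 1, tzinfo=timezone.utc)
GOOD = 0x00000000  # StatusCode Good


class RevocationCache:
    """Caches CheckRevocationStatus results until their validityTime."""

    def __init__(self, check_revocation_status,
                 now=lambda: datetime.now(timezone.utc)):
        # Hypothetical wrapper (assumption of this example):
        # check_revocation_status(der) -> (certificateStatus, validityTime)
        self._check = check_revocation_status
        self._now = now
        self._entries = {}  # SHA-256 of DER -> (status, validity_time)

    def status(self, der: bytes) -> int:
        key = hashlib.sha256(der).digest()
        cached = self._entries.get(key)
        if cached is not None and self._now() < cached[1]:
            return cached[0]  # still within validityTime
        self._entries.pop(key, None)  # expired or never seen
        status, validity_time = self._check(der)
        # Unknown or already-expired validityTime: use once, never cache.
        if validity_time != DATETIME_MIN and validity_time > self._now():
            self._entries[key] = (status, validity_time)
        return status

    def is_acceptable(self, der: bytes) -> bool:
        # Fail closed: a failed call (for example Bad_UserAccessDenied)
        # or any status other than Good rejects the Certificate.
        try:
            return self.status(der) == GOOD
        except Exception:
            return False
```

Both Good and error results are cached, so a revoked Certificate is not re-queried on every connection attempt within its validityTime.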

Table 60 specifies the AddressSpace representation for the CheckRevocationStatus Method.

Table 60 – CheckRevocationStatus Method AddressSpace Definition

| Attribute | Value |
|---|---|
| BrowseName | 2:CheckRevocationStatus |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |