000012269 - Does RSA MES support the extension checking during the certificate validation process?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012269
Applies ToRSA BSAFE Micro Edition Suite
MES
IssueDoes RSA MES support the extension checking during the certificate validation process?
ResolutionMES has verification flags that you can set to check the name constraints, certificate policies, and basic constraints extensions:

    R_VERIFY_RES_PKIX_NAME_CONSTRAINTS
    R_VERIFY_RES_PKIX_POLICY
    R_VERIFY_RES_BASIC_CONSTRAINTS

See MES 4.0 API Reference Guide > Certificate Operations > Certificate Chain Verification > Identifiers > Verification Type Identifiers and MES 4.0 Developers Guide > Certificate Operations > Certificate Chain Verification > Certificate Policy Verification.

You can also set a verify callback function to check certificate extensions (such as Basic Constraints) during certificate verification.  See MES 4.0 API Reference Guide > Sample Programs > Certificate Operations > Intermediate > Certificate Verification and MES 4.0 API Reference Guide > Sample Programs > Certificate Operations > Advanced > Certificate Chain Verification.  The relevant sample code is in samples\source\share and samples\source\verify.

Also see MES 4.0 Developers Guide > Certificate Operations > Certificate Chain Verification Options.
Legacy Article IDa59388

Attachments

    Outcomes