The client has requested the revisions of the CA signing certificate. If the server implements the Signing_Cert table, it MUST return a ULONG array that identifies the revisions of its signing certificates, as specified below. Otherwise, the server MUST return an empty CERTTRANSBLOB structure.

The CA MUST return the array in a CERTTRANSBLOB (section 2.2.2.2) structure. Each ULONG value in the returned array MUST contain version information for a signing certificate in little-endian format. The upper 16 bits MUST contain a zero-based key index, and the lower 16 bits MUST contain a zero-based certificate index.

Example: The CA has renewed its certificates in the following manner:

- Certificate_0 contains the original key.
- Certificate_1 is created by renewing Certificate_0 with a new key.
- Certificate_2 is created by renewing Certificate_1 with the key used to create Certificate_1.
- Certificate_3 is created by renewing Certificate_2 with the key used to create Certificate_1.
- Certificate_4 is created by renewing Certificate_3 with the key used to create Certificate_1.
- Certificate_5 is created by renewing Certificate_4 with a new key.
- Certificate_6 is created by renewing Certificate_5 with the key used to create Certificate_5.
- Certificate_7 is created by renewing Certificate_6 with the key used to create Certificate_5.
- Certificate_8 is created by renewing Certificate_7 with a new key.

This renewal pattern leads to the following ULONG array.

| Index | ULONG | Key index | Certificate index |
|---|---|---|---|
| 0 | 0x00000000 | 0000 | 0000 |
| 1 | 0x00010001 | 0001 | 0001 |
| 2 | 0x00010002 | 0001 | 0002 |
| 3 | 0x00010003 | 0001 | 0003 |
| 4 | 0x00010004 | 0001 | 0004 |
| 5 | 0x00050005 | 0005 | 0005 |
| 6 | 0x00050006 | 0005 | 0006 |
| 7 | 0x00050007 | 0005 | 0007 |
| 8 | 0x00080008 | 0008 | 0008 |
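
The encoding above, as an added example that is not part of the specification: Python that decodes the ULONG array from the CERTTRANSBLOB payload bytes and rebuilds the table from the renewal history. The function names are hypothetical, the payload is assumed to be already extracted from the response, and the rule that a new key takes the index of the first certificate that uses it is inferred from the example table.

```python
import struct


def decode_revisions(payload: bytes):
    """Split each little-endian ULONG into (key_index, cert_index)."""
    if not payload:
        return []  # empty CERTTRANSBLOB: server has no Signing_Cert table
    if len(payload) % 4:
        raise ValueError("payload length is not a multiple of 4 bytes")
    return [(value >> 16, value & 0xFFFF)
            for (value,) in struct.iter_unpack("<I", payload)]


def revisions_from_renewals(new_key_flags):
    """Build the ULONG list for a renewal history.

    new_key_flags[i] is True when Certificate_i was issued with a new key.
    Assumption (inferred from the example table): a new key takes the
    certificate index of the first certificate that uses it.
    """
    values, key_index = [], 0
    for cert_index, new_key in enumerate(new_key_flags):
        if cert_index > 0xFFFF:
            raise ValueError("certificate index does not fit in 16 bits")
        if new_key or cert_index == 0:
            key_index = cert_index
        values.append((key_index << 16) | cert_index)
    return values


def certs_by_key(revisions):
    """Group certificate indexes under the key index they share."""
    groups = {}
    for key_index, cert_index in revisions:
        groups.setdefault(key_index, []).append(cert_index)
    return groups


# Constructed sample: the renewal pattern from the example (Certificate_0..8).
RENEWALS = [True, True, False, False, False, True, False, False, True]
SAMPLE_VALUES = revisions_from_renewals(RENEWALS)
SAMPLE_PAYLOAD = struct.pack("<%dI" % len(SAMPLE_VALUES), *SAMPLE_VALUES)

if __name__ == "__main__":
    for index, (key, cert) in enumerate(decode_revisions(SAMPLE_PAYLOAD)):
        print(f"{index}  0x{(key << 16) | cert:08X}  {key:04X}  {cert:04X}")
    print(certs_by_key(decode_revisions(SAMPLE_PAYLOAD)))
```

Grouping by key index shows which signing certificates share a key pair, which is what a relying party needs when deciding which certificates are affected by the compromise or retirement of one key.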