locked
Sigining data with SignedCMS without cheking CRL RRS feed

  • Question

  • Dear All,

    I'm trying to sign data using SignedCms class. I'm using ContentInfo and CmsSigner to sign the data and the result is fine.

    But some certificates in the chain contains CDP (CRL Distribution Point) with an unaccessible URL when used outside of the Intranet and thus I'm experiencing very long delay in signature.

    Is it possible to disable the CRL Checking during the signature of the message ? Here is a sample of the code I'm using to generate the signature:

    byte [] data; //My data
    X509Certificate2 certificate; // My signing certificate
    X509Certificate2Collection otherCertificates; // others certificates in the chain


    SignedCms cms;
    ContentInfo ci = new ContentInfo(data);
    CmsSigner cs = new CmsSigner(certificate);

    if (otherCertificates != null) foreach (X509Certificate2 c in otherCertificates) { cs.Certificates.Add(c); }

    cms = new SignedCms(ci);
    cms.ComputeSignature(cs);

    byte [] SignedData=cms.Encode();
     

     

     


    Kind regards,

    oblabla

     

    Sunday, December 12, 2010 10:12 AM

All replies

  • Is there any feedback on this issue from anyone at MS?

    there is a consistent 45-75s delay between the call to ComputeSignature() and the next step in the code in a datacenter with only proxy based access to the internet and the CRLs. The certificate chain has 2 parents.

    We unsuccessfully tried the "disable OCSP" in each certificate in MMC as well as in the CmsSigner certificate

    Also unsuccessfully tried the generatepublisherevidence enabled= false in the application and asp.net configuration runtime section.

    Also unsuccessfully tried the necessary proxy details via bitsadmin /util /setieproxy networkservice MANUAL_PROXY host:port ";exceptions" and winhttp proxy settings.

    Wednesday, March 20, 2013 7:37 PM