Certificate Chain Validation using Authority Info Access with HTTPS Alternative Name

  • Question

  • Does Windows explicitly disallow validation of intermediate certificates when the Authority Info Access Alternative Name contains an HTTPS URL? My research seems to indicate so but I cannot find authoritative documentation specifying this.

    The reproduction case is a certificate that specifies an intermediate CA using an HTTPS URL that is not already present in the Intermediate Certificate Store. Windows doesn't issue any web requests to download the intermediate certificate when calling the X509Chain.Build method, but does if the URL is HTTP (traffic inspected using Fiddler).

    • Edited by JRL_PCD Friday, December 4, 2015 6:41 PM
    Friday, December 4, 2015 6:41 PM
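
Added example, not part of the original post: a standard-library Python parser for the DER value of an Authority Information Access extension that groups its caIssuers URLs by scheme, so a certificate whose issuer URL is HTTPS-only, as in the question, can be identified before chain building is tested. The sample extension bytes and the `example.test` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2
OID_OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def aia_uris(ext_value):
    """Yield (method, url) for each URI entry in an AuthorityInfoAccessSyntax."""
    tag, body, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("AIA value must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, desc, pos = read_tlv(body, pos)   # AccessDescription SEQUENCE
        t1, oid, p = read_tlv(desc, 0)         # accessMethod (OID)
        t2, loc, _ = read_tlv(desc, p)         # accessLocation (GeneralName)
        if t1 != 0x06 or t2 != 0x86:           # keep only [6] URI locations
            continue
        method = {OID_CA_ISSUERS: "caIssuers", OID_OCSP: "ocsp"}.get(oid, oid.hex())
        yield method, loc.decode("ascii")

def issuer_urls_by_scheme(ext_value):
    """Group caIssuers URLs by scheme, e.g. {'https': [...], 'http': [...]}."""
    out = {}
    for method, url in aia_uris(ext_value):
        if method == "caIssuers":
            out.setdefault(urlsplit(url).scheme.lower(), []).append(url)
    return out

def _tlv(tag, value):  # short-form encoder, used only to build the sample
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def _desc(oid, url):
    return _tlv(0x30, _tlv(0x06, oid) + _tlv(0x86, url.encode("ascii")))

# Constructed sample with hypothetical URLs; not taken from a real certificate.
SAMPLE_AIA = _tlv(0x30, _desc(OID_CA_ISSUERS, "https://ca.example.test/ca.crt")
                  + _desc(OID_CA_ISSUERS, "http://ca.example.test/ca.crt")
                  + _desc(OID_OCSP, "http://ocsp.example.test"))
```

`issuer_urls_by_scheme` expects the extension value itself (the bytes inside the extension's OCTET STRING), not the whole certificate.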