Article ID: 884325 - View products that this article applies to.
When a third-party Certification Revocation List (CRL) tries to validate a third-party certificate on a computer that is running one of the Microsoft products in the "Applies to" section, you receive the following error message:
This issue may occur if the third-party CRL contains Issuer Distribution Point (IDP) extension fields that Windows does not support.
You cannot use a CRL that contains IDP extension fields on a Microsoft Windows Server product that is an earlier version than Microsoft Windows Server 2003. Windows Server 2003 partially supports CRLs that contain certain IDP extension fields. In Windows Server 2003, the CryptoAPI function compares the CRL IDP extension field with the Certificate Distribution Point (CDP) extension of a certificate to validate the certificate. If you use a CRL that contains IDP extension fields that Windows does not support, the CryptoAPI function cannot validate the certificate.
Microsoft Windows XP also partially supports CRLs that contain certain IDP extension fields.
The following IDP extension fields may be used in a CRL:
Microsoft Windows 2000 with the MS04-11 security update installed, Windows XP, and Windows Server 2003 support the following IDP extension fields:
Only Windows XP and Windows Server 2003 support the distributionPoint IDP extension field.
Microsoft Windows NT and Windows 2000 without MS04-11 installed do not support the IDP extension fields.
For additional information about Microsoft security update MS04-011, click the following article number to view the article in the Microsoft Knowledge Base:
835732For additional information about CRLs and about CRL IDP extensions that Windows supports, visit the following Microsoft Web sites:
(http://support.microsoft.com/kb/835732/ )MS04-011: Security update for Microsoft Windows
http://technet.microsoft.com/en-us/library/cc700843.aspxMicrosoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Article ID: 884325 - Last Review: February 7, 2007 - Revision: 3.5