Validity of Root Certification Authority Cannot Be Determined

This article has been archived. It is offered "as is" and will no longer be updated.
When you view the digital signature of a document in the Digital Signature dialog box of a Microsoft Office XP program on a Microsoft Windows 2000-based computer, the root certificate icon indicates a warning. When the root certificate is selected, you may receive the following error message in the Certificate Status window:
Windows cannot determine the validity of this certificate because it cannot locate a valid certificate revocation list from one or more of the certification authorities in the certification path.
This behavior may occur if Office XP verifies a digital signature, Office XP will try to verify the certificate revocation list on the root certification authority (CA). Because the certificate revocation list of a CA is self-signed, many root CAs will not provide a certificate revocation list. However, if a verification of the root CA certificate revocation list is requested, a non-existent certificate revocation list may result in a message that indicates the risk of a certificate that is not valid.

If the program makes the request, Windows 2000 will try to verify the certificate revocation list. However, because a certificate revocation list for the root CA is not verified, Office XP does not request a certificate revocation list of the root CA, regardless of the request by Office XP.
To work around this issue, use one of the following methods:
  • Manually install the certificate revocation list to each workstation.

    Note As the certificate revocation list may expire frequently, you may have to repeat this method frequently. This method may not be suitable in large environments.
  • Use third-party public key infrastructure (PKI) add-on software.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.The global version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time    Size        File name        ---------------------------------------------   10-Apr-2003  19:01	10,138,852  Sharedff.msp   10-Apr-2003  17:13	 3,959,932  Sharedop.msp				
After the hotfix is installed, the following files will have the listed attributes or later:
   Date         Time   Version      Size       File name        -------------------------------------------------------   10-Apr-2003  07:32  10.0.5208.0  9,939,528  Mso.dll         				
This fix is a post-Office XP Service Pack 2 (SP-2) fix. To install the fix, you must have Office XP SP-2 installed. For additional information about Office XP SP-2, click the following article number to see the article in the Microsoft Knowledge Base:
325671 OFFXP: Overview of the Office XP Service Pack 2
Additionally, you may have to install Windows Installer 2.0 to install this fix. For additional information about the Windows Installer requirement for post-Office XP SP-2 fixes, click the following article number to see the article in the Microsoft Knowledge Base:
330537 OFFXP: Office XP Updates and Patches Released After September 2002 May Require Windows Installer 2.0
To access the Digital Signature dialog box in either Word 2002, Excel 2002, or PowerPoint 2002, follow these steps:
  1. On the Tools menu, click Options.
  2. Click the Security tab, and then click Digital Signatures.
  3. Double-click the signature (or select the signature), and then click View Certificate to open the Certificate dialog box.
crl pki

Article ID: 810370 - Last Review: 02/27/2014 18:42:59 - Revision: 1.5

Microsoft Excel 2002 Standard Edition, Microsoft PowerPoint 2002 Standard Edition, Microsoft Word 2002 Standard Edition, the operating system: Microsoft Windows 2000

  • kbnosurvey kbarchive kbautohotfix kbhotfixserver kbqfe kbsecurity kbbug KB810370