4.1.4 Read the petition response
If the secure clock server responds with "HTTP 200 (OK)", the client reads the entire body of the response for the secure clock challenge URL. If successful, the client proceeds to the next step, submitting the secure clock challenge.
A valid petition response has the following format as defined in section secure clock challenge petition response:
-
HTTP/1.1 302 Found Server: Microsoft-IIS/5.0 Location: URL Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 191
It is recommended that clients ensure that the response was transmitted via an SSL connection, even though SSL is not required.
If SSL is used, it is recommended that the client check the secure clock server's certificate to verify the following.
Ensure the response is current.
Ensure the response matches the domain.
Ensure that the response is properly signed by a trusted authority.
The client can verify that the certificate belongs to a known Microsoft secure clock server.