3.2.1.4.3.1.2 Requesting Status Inspection

  • Article

The caller of the ICertRequestD2::Request2 can request a status inspection of a certificate request similar to how it is defined in section 3.2.1.4.2.1.4.1.3. If the pb field of the pctbRequest parameter is NULL, the client has requested a status inspection of a certificate request and the CA MUST follow the rules defined in this section to respond to the request. The rules for processing a status inspection are as follows:

  1. If the *pdwRequestId is 0 and pwszSerialNumber is NULL, the CA MUST fail the request with a nonzero error.

  2. If the *pdwRequestId is nonzero and pwszSerialNumber is not NULL, the CA MUST fail the request with a nonzero error.

  3. If the *pdwRequestId is nonzero, the CA MUST look up the record in the Request table that is defined in section 3.2.1.1.1 by matching the request ID passed in the *pdwRequestId parameter with the values in the Request_RequestID column. If the lookup failed, the function MUST return the error 0x80094004 (CERTSRV_E_PROPERTY_EMPTY).

  4. If pwszSerialNumber is not NULL, the CA MUST look up the record in the Request table that is defined in section 3.2.1.1.1 by matching the serial number of the certificate in the pwszSerialNumber parameter with the values in the Serial_Number column. If the lookup failed, the function MUST return the error 0x80094004 (CERTSRV_E_PROPERTY_EMPTY).

  5. The CA MUST set the value of the pdwDisposition parameter by mapping the value of the Request_Disposition column for the located record as described in the table below. The values of the Request_Disposition column are defined in [MS-CSRA] section 3.1.1.1.1.

    Request_Disposition column value

    pdwDisposition value

    foreign certificate

    0

    request denied

    2

    certificate issued

    3

    request pending

    5

    certificate revoked

    6

    request failed

    A nonzero value indicating an error that is not one of the values already defined in this table.

  6. If the value of the Request_Disposition column is "certificate issued", the CA MUST return the previously issued certificate through the pctbEncodedCert parameter as specified in section 3.2.1.4.2.1.4.8.

  7. If the value of the Request_Disposition column is "request denied", the CA SHOULD set the return value to the 0x80094014 (CERTSRV_E_ADMIN_DENIED_REQUEST).<86>