When a public key’s certificate does not match any entry on the CRL, the private or public key is used to sign or encrypt an outgoing message. When a certificate matches an entry on the CRL or the certificate’s status is unknown, the private or public key is considered revoked. By default, Communications Express Mail does not use a key with a revoked certificate to sign or encrypt an outgoing message. If the private key of a signed message is revoked by the time the recipient reads the message, the recipient receives a warning message indicating that the signature should not be trusted.
If desired, you can change the various default policies for all revoked certificates with the following parameters in the smime.conf file:
Set sendsigncertrevoked to allow to permit signing an outgoing message with a private key that is considered revoked because its public key’s certificate is revoked.
Set sendencryptcertrevoked to allow to permit encrypting an outgoing message with a public key that has a revoked certificate.
Set revocationunknown to ok to treat a certificate whose status is unknown as valid; the private or public key is then used to sign or encrypt an outgoing message.
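
The policy above, modelled as an added example for reviewing a configuration (it is not Communications Express code). It assumes smime.conf entries take the form name==value with # comments, and that an unknown status not set to ok falls through to the same overrides as a revoked certificate; parse_conf, key_usable and audit are hypothetical helper names.

```python
# Added example: models the revocation policy described in the text.
# Assumption: smime.conf lines use the form name==value; '#' starts a comment.
SAMPLE_CONF = """\
# constructed sample, not a real deployment
sendsigncertrevoked==allow
revocationunknown==ok
"""

# Values the page names as overriding the default behaviour.
PERMISSIVE = {
    "sendsigncertrevoked": "allow",
    "sendencryptcertrevoked": "allow",
    "revocationunknown": "ok",
}

def parse_conf(text):
    """Return {parameter: value} for the three revocation parameters."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, value = (part.strip().lower() for part in line.split("==", 1))
        if name in PERMISSIVE:
            conf[name] = value
    return conf

def key_usable(operation, crl_status, conf):
    """operation: 'sign' or 'encrypt'; crl_status: 'good', 'revoked' or 'unknown'."""
    if crl_status not in ("good", "revoked", "unknown"):
        raise ValueError(f"unexpected CRL status: {crl_status!r}")
    if crl_status == "good":
        return True
    if crl_status == "unknown" and conf.get("revocationunknown") == "ok":
        return True  # unknown status treated as valid
    # Certificate is considered revoked; only an explicit override permits use.
    param = {"sign": "sendsigncertrevoked", "encrypt": "sendencryptcertrevoked"}[operation]
    return conf.get(param) == "allow"

def audit(conf):
    """List parameters set to the permissive value, for configuration review."""
    return sorted(p for p, v in PERMISSIVE.items() if conf.get(p) == v)

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print("weakened settings:", audit(conf))
    for op in ("sign", "encrypt"):
        for status in ("good", "revoked", "unknown"):
            print(op, status, key_usable(op, status, conf))
```

Every parameter that audit reports is a place where the deployment sends mail with a key the CRL check would otherwise reject, so each one should have a documented reason.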