| DSA: DSA signature verification
DSA parameter inheritance Name Constraints: directoryName
rfc822Name dNSname uniformResourceIdentifier Distribution Points: onlySomeReasons
nameRelativeToIssuer indirect CRLs |
delta-CRLs
Policy Processing: anyPolicy OID
inhibitAnyPolicy initial-inhibit-any-policy policyMappings inhibitPolicyMapping initial-inhibit-policy-mapping |
| Test |
Expected Result |
Actual Result |
| 4.1.1 Valid Signatures Test1 |
Validate Successfully |
Success |
| 4.1.2 Invalid CA Signature Test2 |
Reject - Invalid signature on intermediate certificate |
Reject |
| 4.1.3 Invalid EE Signature Test3 |
Reject - Invalid signature on end entity certificate |
Reject |
| 4.1.4 Valid DSA Signatures Test4 |
Validate Successfully |
Success |
| 4.1.5 Valid DSA Parameter Inheritance Test5 |
Reject |
This test does not need to be run |
| 4.1.6 Invalid DSA Signature Test6 |
Reject - Invalid signature on end entity certificate |
Reject |
| 4.2.1 Invalid CA notBefore Date Test1 |
Reject - notBefore date in intermediate certificate is after the current date |
Unexpected success |
| 4.2.2 Invalid EE notBefore Date Test2 |
Reject - notBefore date in end entity certificate is after the current date |
Unexpected success |
| 4.2.3 Valid pre2000 UTC notBefore Date Test3 |
Validate Successfully |
Success |
| 4.2.4 Valid GeneralizedTime notBefore Date Test4 |
Validate Successfully |
Success |
| 4.2.5 Invalid CA notAfter Date Test5 |
Reject - notAfter date in intermediate certificate is before the current date |
Unexpected success |
| 4.2.6 Invalid EE notAfter Date Test6 |
Reject - notAfter date in end entity certificate is before the current date |
Unexpected success |
| 4.2.7 Invalid pre2000 UTC EE notAfter Date Test7 |
Reject - notAfter date in end entity certificate is before the current date |
Unexpected success |
| 4.2.8 Valid GeneralizedTime notAfter Date Test8 |
Validate Successfully |
Success |
| 4.3.1 Invalid Name Chaining EE Test1 |
Reject - names do not chain |
|
| 4.3.2 Invalid Name Chaining Order Test2 |
Reject - names do not chain |
|
| 4.3.3 Valid Name Chaining Whitespace Test3 |
Validate Successfully |
|
| 4.3.4 Valid Name Chaining Whitespace Test4 |
Validate Successfully |
|
| 4.3.5 Valid Name Chaining Capitalization Test5 |
Validate Successfully |
|
| 4.3.6 Valid Name Chaining UIDs Test6 |
Validate Successfully |
Success |
| 4.3.7 Valid RFC3280 Mandatory Attribute Types Test7 |
Validate Successfully |
This test does not need to be run |
| 4.3.8 Valid RFC3280 Optional Attribute Types Test8 |
Validate Successfully |
This test does not need to be run |
| 4.3.9 Valid UTF8String Encoded Names Test9 |
Validate Successfully |
Success |
| 4.3.10 Valid Rollover from PrintableString to UTF8String Test10 |
The certification path is valid. However, a PVM that implements the minimum name comparison rules in RFC 3280 will reject the certification path since it will not recognize that names chain correctly |
This test does not need to be run |
| 4.3.11 Valid UTF8String Case Insensitive Match Test11 |
The certification path is valid. However, a PVM that implements the minimum name comparison rules in RFC 3280 will reject the certification path since it will not recognize that names chain correctly |
This test does not need to be run |
| 4.4.1 Missing CRL Test1 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.2 Invalid Revoked CA Test2 |
Reject - an intermediate certificate has been revoked. |
Success |
| 4.4.3 Invalid Revoked EE Test3 |
Reject - the end entity certificate has been revoked |
Success |
| 4.4.4. Invalid Bad CRL Signature Test4 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.5 Invalid Bad CRL Issuer Name Test5 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.6 Invalid Wrong CRL Test6 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.7 Valid Two CRLs Test7 |
Validate Successfully |
Success |
| 4.4.8 Invalid Unknown CRL Entry Extension Test8 |
Reject - the end entity certificate has been revoked |
Success |
| 4.4.9 Invalid Unknown CRL Extension Test9 |
Reject - the end entity certificate has been revoked |
Success |
| 4.4.10 Invalid Unknown CRL Extension Test10 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.11 Invalid Old CRL nextUpdate Test11 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.12 Invalid pre2000 CRL nextUpdate Tesst12 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.4.13 Valid GeneralizedTime CRL nextUpdate Test13 |
Validate Successfully |
Success |
| 4.4.14 Valid Negative Serial Number Test14 |
Validate Successfully |
Success |
| 4.4.15 Invalid Negative Serial Number Test15 |
Reject - the end entity certificate has been revoked |
Success |
| 4.4.16 Valid Long Serial Number Test16 |
Validate Successfully |
Success |
| 4.4.17 Valid Long Serial Number Test17 |
Validate Successfully |
Success |
| 4.4.18 Invalid Long Serial Number Test18 |
Reject - the end entity certificate has been revoked |
Success |
| 4.4.19 Valid Separate Certificate and CRL Keys Test19 |
Validate Successfully |
Success |
| 4.4.20 Invalid Separate Certificate and CRL Keys Test20 |
Reject - the end entity certificate has been revoked |
Success |
| 4.4.21 Invalid Separate Certificate and CRL Keys Test21 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.5.1 Valid Basic Self-Issued Old With New Test1 |
Validate Successfully |
Success |
| 4.5.2 Invalid Basic Self-Issued Old With New Test2 |
Reject - the end entity certificate has been revoked |
Success |
| 4.5.3 Valid Basic Self-Issued New With Old Test3 |
Validate Successfully |
Success |
| 4.5.4 Valid Basic Self-Issued New With Old Test4 |
Validate Successfully |
Success |
| 4.5.5 Invalid Basic Self-Issued New With Old Test5 |
Reject - the end entity certificate has been revoked |
Success |
| 4.5.6 Valid Basic Self-Issued CRL Signing Key Test6 |
Validate Successfully |
Success |
| 4.5.7 Invalid Basic Self-Issued CRL Signing Key Test7 |
Reject - the end entity certificate has been revoked |
Success |
| 4.5.8 Invalid Basic Self-Issued CRL Signing Key Test8 |
Reject - invalid certification path |
Reject |
| 4.6.1 Invalid Missing basicConstraints Test1 |
Reject - invalid certification path |
Reject |
| 4.6.2 Invalid cA False Test2 |
Reject - invalid certification path |
Reject |
| 4.6.3 Invalid cA False Test3 |
Reject - invalid certification path |
Reject |
| 4.6.4 Valid basicConstraints Not Critical Test4 |
Validate Successfully |
Success |
| 4.6.5 Invalid pathLenConstraint Test5 |
Reject - invalid certification path |
Unexpected success |
| 4.6.6 Invalid pathLenConstraint Test6 |
Reject - invalid certification path |
Unexpected success |
| 4.6.7 Valid pathLenConstraint Test7 |
Validate Successfully |
Success |
| 4.6.8 Valid pathLenConstraint Test8 |
Validate Successfully |
Success |
| 4.6.9 Invalid pathLenConstraint Test9 |
Reject - invalid certification path |
Unexpected success |
| 4.6.10 Invalid pathLenConstraint Test10 |
Reject - invalid certification path |
Unexpected success |
| 4.6.11 Invalid pathLenConstraint Test11 |
Reject - invalid certification path |
Unexpected success |
| 4.6.12 Invalid pathLenConstraint Test12 |
Reject - invalid certification path |
Unexpected success |
| 4.6.13 Valid pathLenConstraint Test13 |
Validate Successfully |
Success |
| 4.6.14 Valid pathLenConstraint Test14 |
Validate Successfully |
Success |
| 4.6.15 Valid Self-Issued pathLenConstraint Test15 |
Validate Successfully |
Success |
| 4.6.16 Invalid Self-Issued pathLenConstraint Test16 |
Reject - invalid certification path |
Unexpected success |
| 4.6.17 Valid Self-Issued pathLenConstraint Test17 |
Validate Successfully |
Success |
| 4.7.1 Invalid keyUsage Critical keyCertSign False Test1 |
Reject - invalid certification path |
Unexpected success |
| 4.7.2 Invalid keyUsage Not Critical keyCertSign False Test2 |
Reject - invalid certification path |
Unexpected success |
| 4.7.3 Valid keyUsage Not Critical Test3 |
Validate Successfully |
Success |
| 4.7.4 Invalid keyUsage Critical cRLSign False Test4 |
Reject - invalid certification path |
Unexpected success |
| 4.7.5 Invalid keyUsage Not Critical cRLSign False Test5 |
Reject - invalid certification path |
Unexpected success |
| 4.8.1 All Certificates Same Policy Test1, subtest 1 |
Validate Successfully [Run if application can be configured as specified (i.e., if initial-policy-set can be any-policy when initial-explicit-policy is set). Otherwise indicate that test could not be run.] |
Success |
| 4.8.1 All Certificates Same Policy Test1, subtest 2 |
Validate Successfully |
Success |
| 4.8.1 All Certificates Same Policy Test1, subtest 3 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.1 All Certificates Same Policy Test1, subtest 4 |
Validate Successfully |
Success |
| 4.8.2 All Certificates No Policies Test2, subtest 1 |
Validate Successfully |
Success |
| 4.8.2 All Certificates No Policies Test2, subtest 2 |
Reject - no acceptable policy [initial-policy-set may be set to {NIST-test-policy-1, NIST-test-policy-2, NIST-test-policy-3, NIST-test-policy-4, NIST-test-policy-5, NIST-test-policy-6} if it can not be set to any-policy] |
Unexpected success |
| 4.8.3 Different Policies Test3, subtest 1 |
Validate Successfully |
Success |
| 4.8.3 Different Policies Test3, subtest 2 |
Reject - no acceptable policy [Run if application can be configured as specified (i.e., if initial-policy-set can be any-policy when initial-explicit-policy is set). Otherwise indicate that test could not be run.] |
Unexpected success |
| 4.8.3 Different Policies Test3, subtest 3 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.4 Different Policies Test4 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.5 Different Policies Test5 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.6 Overlapping Policies Test6, subtest 1 |
Validate Successfully |
Success |
| 4.8.6 Overlapping Policies Test6, subtest 2 |
Validate Successfully |
Success |
| 4.8.6 Overlapping Policies Test6, subtest 3 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.7 Different Policies Test7 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.8 Different Policies Test8 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.9 Different Policies Test9 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.10 All Certificates Same Policies Test10, subtest 1 |
Validate Successfully |
Success |
| 4.8.10 All Certificates Same Policies Test10, subtest 2 |
Validate Successfully |
Success |
| 4.8.10 All Certificates Same Policies Test10, subtest 3 |
Validate Successfully |
Success |
| 4.8.11 All Certificates AnyPolicy Test11, subtest 1 |
Validate Successfully |
This test does not need to be run |
| 4.8.11 All Certificates AnyPolicy Test11, subtest 2 |
Reject - path only valid under anyPolicy OID |
This test does not need to be run |
| 4.8.12 Different Policies Test12 |
Reject - no acceptable policy |
Unexpected success |
| 4.8.13 All Certificates Same Policies Test13, subtest 1 |
Validate Successfully |
Success |
| 4.8.13 All Certificates Same Policies Test13, subtest 2 |
Validate Successfully |
Success |
| 4.8.13 All Certificates Same Policies Test13, subtest 3 |
Validate Successfully |
Success |
| 4.8.14 AnyPolicy Test14, subtest 1 |
Reject - no acceptable policy |
This test does not need to be run |
| 4.8.14 AnyPolicy Test14, subtest 2 |
Reject - no acceptable policy |
This test does not need to be run |
| 4.8.15 User Notice Qualifier Test15 |
Validate Successfully |
This test does not need to be run |
| 4.8.16 User Notice Qualifier Test16 |
Validate Successfully |
This test does not need to be run |
| 4.8.17 User Notice Qualifier Test17 |
Validate Successfully |
This test does not need to be run |
| 4.8.18 User Notice Qualifier Test18, subtest 1 |
Validate Successfully |
This test does not need to be run |
| 4.8.18 User Notice Qualifier Test18, subtest 2 |
Validate Successfully |
This test does not need to be run |
| 4.8.19 User Notice Qualifier Test19 |
This certification path may be rejected since the end entity certificate contains a policy qualifier with an explicitText string that is longer than 200 characters. This certification path may be validated successfully if the length violation is ignored. |
This test does not need to be run |
| 4.8.20 CPS Pointer Qualifier Test20 |
Validate Successfully [Test should be run with initial-explicit-policy set (initial-policy-set may be set to {NIST-test-policy-1, NIST-test-policy-2, NIST-test-policy-3, NIST-test-policy-4, NIST-test-policy-5, NIST-test-policy-6} if it can not be set to any-policy).] |
Success |
| 4.9.1 Valid RequireExplicitPolicy Test1 |
Validate Successfully |
Success |
| 4.9.2 Valid RequireExplicitPolicy Test2 |
Validate Successfully |
Success |
| 4.9.3 Invalid RequireExplicitPolicy Test3 |
Reject - no acceptable policy |
Unexpected success |
| 4.9.4 Valid RequireExplicitPolicy Test4 |
Validate Successfully |
Success |
| 4.9.5 Invalid RequireExplicitPolicy Test5 |
Reject - no acceptable policy |
Unexpected success |
| 4.9.6 Valid Self-Issued requireExplicitPolicy Test6 |
Validate Successfully |
Success |
| 4.9.7 Invalid Self-Issued requireExplicitPolicy Test7 |
Reject - no acceptable policy |
Unexpected success |
| 4.9.8 Invalid Self-Issued requireExplicitPolicy Test8 |
Reject - no acceptable policy |
Unexpected success |
| 4.10.1 Valid Policy Mapping Test1, subtest 1 |
Reject - unrecognized critical extension [Test using the default settings (i.e., initial-policy-set = any-policy) |
Unexpected success |
| 4.10.1 Valid Policy Mapping Test1, subtest 2 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.1 Valid Policy Mapping Test1, subtest 3 |
Test can not be run |
This test does not need to be run |
| 4.10.2 Invalid Policy Mapping Test2, subtest 1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.2 Invalid Policy Mapping Test2, subtest 2 |
Test can not be run |
This test does not need to be run |
| 4.10.3 Valid Policy Mapping Test3, subtest 1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.3 Valid Policy Mapping Test3, subtest 2 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.4 Invalid Policy Mapping Test4 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.5 Valid Policy Mapping Test5, subtest 1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.5 Valid Policy Mapping Test5, subtest 2 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.6 Valid Policy Mapping Test6, subtest 1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.6 Valid Policy Mapping Test6, subtest 2 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.7 Invalid Mapping From anyPolicy Test7 |
Validate Successfully if the anyPolicy OID is treated the same as any other policy OID |
This test does not need to be run |
| 4.10.8 Invalid Mapping To anyPolicy Test8 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.9 Valid Policy Mapping Test9 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.10 Invalid Policy Mapping Test10 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.11 Valid Policy Mapping Test11 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.12 Valid Policy Mapping Test12, subtest 1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.12 Valid Policy Mapping Test12, subtest 2 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.13 Valid Policy Mapping Test13 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.10.14 Valid Policy Mapping Test14 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.1 Invalid inhibitPolicyMapping Test1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.2 Valid inhibitPolicyMapping Test2 |
Reject - unrecognized critical extension |
Unexpected success |
| 4.11.3 Invalid inhibitPolicyMapping Test3 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.4 Valid inhibitPolicyMapping Test4 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.5 Invalid inhibitPolicyMapping Test5 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.6 Invalid inhibitPolicyMapping Test6 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.7 Valid Self-Issued inhibitPolicyMapping Test7 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.8 Invalid Self-Issued inhibitPolicyMapping Test8 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.9 Invalid Self-Issued inhibitPolicyMapping Test9 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.10 Invalid Self-Issued inhibitPolicyMapping Test10 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.11.11 Invalid Self-Issued inhibitPolicyMapping Test11 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.1 Invalid inhibitAnyPolicy Test1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.2 Valid inhibitAnyPolicy Test2 |
Reject - unrecognized critical extension |
Unexpected success |
| 4.12.3 inhibitAnyPolicy Test3, subtest 1 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.3 inhibitAnyPolicy Test3, subtest 2 |
Test can not be run |
This test does not need to be run |
| 4.12.4 Invalid inhibitAnyPolicy Test4 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.5 Invalid inhibitAnyPolicy Test5 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.6 Invalid inhibitAnyPolicy Test6 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.7 Valid Self-Issued inhibitAnyPolicy Test7 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.8 Invalid Self-Issued inhibitAnyPolicy Test8 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.9 Valid Self-Issued inhibitAnyPolicy Test9 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.12.10 Invalid Self-Issued inhibitAnyPolicy Test10 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.1 Valid DN nameConstraints Test1 |
Reject - unrecognized critical extension |
Unexpected success |
| 4.13.2 Invalid DN nameConstraints Test2 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.3 Invalid DN nameConstraints Test3 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.4 Valid DN nameConstraints Test4 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.5 Valid DN nameConstraints Test5 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.6 Valid DN nameConstraints Test6 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.7 Invalid DN nameConstraints Test7 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.8 Invalid DN nameConstraints Test8 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.9 Invalid DN nameConstraints Test9 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.10 Invalid DN nameConstraints Test10 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.11 Valid DN nameConstraints Test11 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.12 Invalid DN nameConstraints Test12 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.13 Invalid DN nameConstraints Test13 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.14 Valid DN nameConstraints Test14 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.15 Invalid DN nameConstraints Test15 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.16 Invalid DN nameConstraints Test16 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.17 Invalid DN nameConstraints Test17 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.18 Valid DN nameConstraints Test18 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.19 Valid Self-Issued DN nameConstraints Test19 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.20 Invalid Self-Issued DN nameConstraints Test20 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.21 Valid RFC822 nameConstraints Test21 |
Reject - unrecognized critical extension |
Unexpected success |
| 4.13.22 Invalid RFC822 nameConstraints Test22 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.23 Valid RFC822 nameConstraints Test23 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.24 Invalid RFC822 nameConstraints Test24 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.25 Valid RFC822 nameConstraints Test25 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.26 Invalid RFC822 nameConstraints Test26 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.27 Valid DN and RFC822 nameConstraints Test27 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.28 Invalid DN and RFC822 nameConstraints Test28 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.29 Invalid DN and RFC822 nameConstraints Test29 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.30 Valid DNS nameConstraints Test30 |
Reject - unrecognized critical extension |
Unexpected success |
| 4.13.31 Invalid DNS nameConstraints Test31 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.32 Valid DNS nameConstraints Test32 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.33 Invalid DNS nameConstraints Test33 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.34 Valid URI nameConstraints Test34 |
Reject - unrecognized critical extension |
Unexpected success |
| 4.13.35 Invalid URI nameConstraints Test35 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.36 Valid URI nameConstraints Test36 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.37 Invalid URI nameConstraints Test37 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.13.38 Invalid DNS nameConstraints Test38 |
Reject - unrecognized critical extension |
This test does not need to be run |
| 4.14.1 Valid distributionPoint Test1 |
Validate Successfully |
Success |
| 4.14.2 Invalid distributionPoint Test2 |
Reject - end entity certificate has been revoked |
Success |
| 4.14.3 Invalid distributionPoint Test3 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.4 Valid distributionPoint Test4 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.5 Valid distributionPoint Test5 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.6 Invalid distributionPoint Test6 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.7 Valid distributionPoint Test7 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.8 Invalid distributionPoint Test8 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.9 Invalid distributionPoint Test9 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.10 Valid No issuingDistributionPoint Test10 |
Validate Successfully |
Success |
| 4.14.11 Invalid onlyContainsUserCerts CRL Test11 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.12 Invalid onlyContainsCACerts CRL Test12 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.13 Valid onlyContainsCACerts CRL Test13 |
Validate Successfully |
Success |
| 4.14.14 Invalid onlyContainsAttributeCerts Test14 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.15 Invalid onlySomeReasons Test15 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.16 Invalid onlySomeReasons Test16 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.17 Invalid onlySomeReasons Test17 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.18 Valid onlySomeReasons Test18 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.19 Valid onlySomeReasons Test19 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.20 Invalid onlySomeReasons Test20 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.21 Invalid onlySomeReasons Test21 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.22 Valid IDP with indirectCRL Test22 |
Application may validate successfully. However, if the application treats an issuingDistributionPoint extension with indirectCRL set to TRUE as an unrecognized critical extension then the application should reject the path or issue a warning that the status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.23 Invalid IDP with indirectCRL Test23 |
Reject - end entity certificate has been revoked |
This test does not need to be run |
| 4.14.24 Valid IDP with indirectCRL Test24 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.14.25 Valid IDP with indirectCRL Test25 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.26 Invalid IDP with indirectCRL Test26 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.27 Invalid cRLIssuer Test27 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.28 Valid cRLIssuer Test28 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.29 Valid cRLIssuer Test29 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.30 Valid cRLIssuer Test30 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.31 Invalid cRLIssuer Test31 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.32 Invalid cRLIssuer Test32 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.33 Valid cRLIssuer Test33 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.14.34 Invalid cRLIssuer Test34 |
Reject - end entity certificate has been revoked |
This test does not need to be run |
| 4.14.35 Invalid cRLIssuer Test35 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.15.1 Invalid deltaCRLIndicator No Base Test1 |
Reject or Warn - status of end entity certificate can not be determined |
Success |
| 4.15.2 Valid delta-CRL Test2 |
Validate Successfully |
This test does not need to be run |
| 4.15.3 Invalid delta-CRL Test3 |
Reject - end entity certificate has been revoked |
This test does not need to be run |
| 4.15.4 Invalid delta-CRL Test4 |
Validate Successfully |
This test does not need to be run |
| 4.15.5 Valid delta-CRL Test5 |
Reject - end entity certificate is on hold |
This test does not need to be run |
| 4.15.6 Invalid delta-CRL Test6 |
Reject - end entity certificate is on hold |
This test does not need to be run |
| 4.15.7 Valid delta-CRL Test7 |
Validate Successfully |
This test does not need to be run |
| 4.15.8 Valid delta-CRL Test8 |
Validate Successfully |
This test does not need to be run |
| 4.15.9 Invalid delta-CRL Test9 |
Reject - end entity certificate has been revoked |
This test does not need to be run |
| 4.15.10 Invalid delta-CRL Test10 |
Reject or Warn - status of end entity certificate can not be determined |
This test does not need to be run |
| 4.16.1 Valid Unknown Not Critical Certificate Extension Test1 |
Validate Successfully |
Success |
| 4.16.2 Invalid Unknown Critical Certificate Extension Test2 |
Reject - unrecognized critical extension |
Unexpected success |