We are on the final negative tests with Cert chain and revocation list checking. In particular we are failing subtests:
IIA3b - validate client certificate is trusted. We are walking the chain, it is not clear to me how to validate trust. I thought that was defined by community rules? What needs to be done to pass this test with the testing tool?
IIA3b1 validate certificates in chain. We are walking the chain, does this just mean doing the same validation we do on the client cert again on each cert in the chain?
IIA3b1b check revocation status. We hit the CRL and process the list. We compare the serial number to the client cert and the revocation date to today. What else are we missing?
IIA3b3 - return unapproved_software_statement error if trusted cert chain cannot be constructed. This one feels like a symptom of the above. Is that correct?
Thanks
Tom