Microsoft KB Archive/810370

= Validity of Root Certification Authority Cannot Be Determined =

Article ID: 810370

Article Last Modified on 9/27/2005


APPLIES TO


 * Microsoft Excel 2002 Standard Edition
 * Microsoft PowerPoint 2002 Standard Edition
 * Microsoft Word 2002 Standard Edition
 * Microsoft Windows 2000 Standard Edition






SYMPTOMS
When you view the digital signature of a document in the Digital Signature dialog box of a Microsoft Office XP program on a Microsoft Windows 2000-based computer, the root certificate icon indicates a warning. When the root certificate is selected, you may receive the following error message in the Certificate Status window:

Windows cannot determine the validity of this certificate because it cannot locate a valid certificate revocation list from one or more of the certification authorities in the certification path.



CAUSE
This behavior may occur because, when Office XP verifies a digital signature, it tries to verify the certificate revocation list on the root certification authority (CA). Because the certificate revocation list of a root CA is self-signed, many root CAs do not provide a certificate revocation list. However, if a verification of the root CA certificate revocation list is requested, a non-existent certificate revocation list may result in a message that indicates the risk of a certificate that is not valid.

If the program makes the request, Windows 2000 will try to verify the certificate revocation list. However, because a certificate revocation list for the root CA is not verified, Office XP does not request a certificate revocation list of the root CA, regardless of the request by Office XP.
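The effect of including or excluding the root in revocation checking can be reproduced on a current Windows system with the .NET `X509Chain` class. The following script is an added example, not part of the original article and not the code path that Office XP uses; `$CertPath` is a hypothetical path to the signer's exported certificate, and a self-issued certificate is treated as the root.

```powershell
# Added example: compare revocation-check scope for one signer certificate.
# $CertPath is a hypothetical path to an exported signer certificate (.cer).
param([Parameter(Mandatory = $true)][string]$CertPath)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

function Test-ChainRevocation {
    param($Certificate, [string]$Scope)   # Scope: EntireChain or ExcludeRoot

    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = $Scope
    $valid = $chain.Build($Certificate)

    # One row per chain element with that element's own status flags.
    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        [pscustomobject]@{
            Scope      = $Scope
            ChainValid = $valid
            Subject    = $c.Subject
            # Self-issued is used here as an approximation of "is the root".
            IsRoot     = ($c.Subject -eq $c.Issuer)
            Status     = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

$rows = @(Test-ChainRevocation $cert 'EntireChain') + @(Test-ChainRevocation $cert 'ExcludeRoot')
$rows | Format-Table Scope, ChainValid, IsRoot, Status, Subject -AutoSize

# Elements whose revocation status could not be determined, per scope.
$unknown = 'RevocationStatusUnknown|OfflineRevocation'
$entire  = @($rows | Where-Object { $_.Scope -eq 'EntireChain' -and $_.Status -match $unknown })
$noRoot  = @($rows | Where-Object { $_.Scope -eq 'ExcludeRoot' -and $_.Status -match $unknown })
$nonRoot = @($entire | Where-Object { -not $_.IsRoot })

if ($entire.Count -gt 0 -and $nonRoot.Count -eq 0 -and $noRoot.Count -eq 0) {
    'Revocation status is unknown for the root only: matches the condition described in this article.'
} elseif ($noRoot.Count -gt 0) {
    'A non-root certificate has no reachable CRL: publish or repair that CRL instead.'
} else {
    'No root-only revocation-status problem found for this certificate.'
}
```

A result in the second branch points to a missing or expired CRL for an intermediate or end-entity certificate, which is a different problem from the one this article describes.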



WORKAROUND
To work around this issue, use one of the following methods:
 * Manually install the certificate revocation list to each workstation.

Note: Because the certificate revocation list may expire frequently, you may have to repeat this method frequently. This method may not be suitable in large environments.
 * Use third-party public key infrastructure (PKI) add-on software.



RESOLUTION
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to systems that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next service pack that contains this fix.

To resolve this problem immediately, download the fix by clicking the download link later in this article or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

Note: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The global version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time   Size        File name
   ------------------------------------------
   10-Apr-2003  19:01  10,138,852  Sharedff.msp
   10-Apr-2003  17:13   3,959,932  Sharedop.msp

After the hotfix is installed, the following files will have the listed attributes or later:

   Date         Time   Version      Size       File name
   -----------------------------------------------------
   10-Apr-2003  07:32  10.0.5208.0  9,939,528  Mso.dll

This fix is a post-Office XP Service Pack 2 (SP-2) fix. To install the fix, you must have Office XP SP-2 installed. For additional information about Office XP SP-2, click the following article number to see the article in the Microsoft Knowledge Base:

325671 OFFXP: Overview of the Office XP Service Pack 2

Additionally, you may have to install Windows Installer 2.0 to install this fix. For additional information about the Windows Installer requirement for post-Office XP SP-2 fixes, click the following article number to see the article in the Microsoft Knowledge Base:

330537 OFFXP: Office XP Updates and Patches Released After September 2002 May Require Windows Installer 2.0



MORE INFORMATION
To access the Digital Signature dialog box in Word 2002, Excel 2002, or PowerPoint 2002, follow these steps:
 * 1) On the Tools menu, click Options.
 * 2) Click the Security tab, and then click Digital Signatures.
 * 3) Double-click the signature (or select the signature), and then click View Certificate to open the Certificate dialog box.


© Microsoft Corporation. All rights reserved.