In CryptoAPI one can use the CertGetCertificateChain API to do the path building and basic chain validation, this validation may include revocation checking depending on which flags you pass via dwFlags; for example these flags control if revocation checking occurs, and if so, on which certificates: CERT_CHAIN_REVOCATION_CHECK_END_CERT CERT_CHAIN_REVOCATION_CHECK_CHAIN CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT Typically you would specify CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT which … Continue reading CryptoAPI, Revocation checking, OCSP and the Unknown certStatus