PKI Plug - revocation status provider for Microsoft CAPI
PKI Plug is a revocation status provider for Microsoft CAPI. It aims to influence CAPI path processing so that shorter certification paths are favored over longer ones. The public key from each certificate presented to PKI Plug is extracted and used to search the Root certificate store. If the public key is present in the Root certificate store and the presented certificate is not self-issued, the revocation status of the presented certificate is set to REVOKED. This precludes the use of certificates issued for public keys that are already explicitly trusted. In cross-certified environments, this can have several positive effects, including: improved performance, by avoiding unnecessary revocation status determination operations for the other certificates in any path that contains a certificate PKI Plug “revokes”; and improved usability, by avoiding problems associated with sorting logic that sometimes favors longer invalid paths over shorter valid paths.
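The decision rule described above, modeled as an added example; this is not PKI Plug's source code. The `cert_t` type, the function names and the sample certificates are assumptions made for illustration, and a real provider would read these fields from CAPI certificate contexts and the Root store.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a certificate: only the fields the check needs.
   Hypothetical type; the real provider would read them from CAPI. */
typedef struct {
    const char *subject, *issuer;
    const unsigned char *spki;  /* encoded public key */
    size_t spki_len;
} cert_t;

/* Constructed sample keys, not real key material. */
static const unsigned char KEY_A[]  = {0x30, 0x03, 0xA1, 0xA2, 0xA3};
static const unsigned char KEY_B[]  = {0x30, 0x03, 0xB1, 0xB2, 0xB3};
static const unsigned char KEY_EE[] = {0x30, 0x03, 0xE1, 0xE2, 0xE3};

/* Constructed Root store: two trust anchors that are cross-certified. */
static const cert_t ROOT_STORE[] = {
    {"CN=Root A", "CN=Root A", KEY_A, sizeof KEY_A},
    {"CN=Root B", "CN=Root B", KEY_B, sizeof KEY_B},
};
#define ROOT_COUNT (sizeof ROOT_STORE / sizeof ROOT_STORE[0])

/* Presented certificates (constructed): a cross-certificate issued by
   Root B for Root A's key, and an end-entity certificate under Root A. */
static const cert_t CROSS_B_TO_A = {"CN=Root A", "CN=Root B", KEY_A, sizeof KEY_A};
static const cert_t END_ENTITY   = {"CN=server.example", "CN=Root A", KEY_EE, sizeof KEY_EE};

/* Self-issued: subject and issuer names match (string compare in this model). */
static int is_self_issued(const cert_t *c) {
    return strcmp(c->subject, c->issuer) == 0;
}

/* Returns 1 when the described rule marks the certificate REVOKED:
   its public key is in the Root store and it is not self-issued. */
int plug_would_revoke(const cert_t *c, const cert_t *roots, size_t n) {
    if (is_self_issued(c)) return 0;
    for (size_t i = 0; i < n; i++)
        if (roots[i].spki_len == c->spki_len &&
            memcmp(roots[i].spki, c->spki, c->spki_len) == 0)
            return 1;
    return 0;
}

int main(void) {
    printf("cross-cert B->A: %d\n", plug_would_revoke(&CROSS_B_TO_A, ROOT_STORE, ROOT_COUNT));
    printf("Root A itself:   %d\n", plug_would_revoke(&ROOT_STORE[0], ROOT_STORE, ROOT_COUNT));
    printf("end entity:      %d\n", plug_would_revoke(&END_ENTITY, ROOT_STORE, ROOT_COUNT));
    return 0;
}
```

With the cross-certificate marked REVOKED, the longer path through Root B is rejected and the short path ending at the self-signed Root A remains.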
Note: In order for PKI Plug to be used, revocation status checking must be enabled. Here’s where the setting is located for Internet Explorer:
Download PkiPlug and its source code from SourceForge (License).
Send questions or comments to pkif_support AT cygnacom DOT com.