Validity of Root Certification Authority Cannot Be Determined (810370)


The information in this article applies to:

  • Microsoft Excel 2002
  • Microsoft PowerPoint 2002
  • Microsoft Word 2002
  • the operating system: Microsoft Windows 2000

SYMPTOMS

When you view the digital signature of a document in the Digital Signature dialog box of a Microsoft Office XP program on a Microsoft Windows 2000-based computer, the root certificate icon indicates a warning. When the root certificate is selected, you may receive the following error message in the Certificate Status window:
Windows cannot determine the validity of this certificate because it cannot locate a valid certificate revocation list from one or more of the certification authorities in the certification path.

CAUSE

This behavior may occur if Office XP verifies a digital signature, Office XP will try to verify the certificate revocation list on the root certification authority (CA). Because the certificate revocation list of a CA is self-signed, many root CAs will not provide a certificate revocation list. However, if a verification of the root CA certificate revocation list is requested, a non-existent certificate revocation list may result in a message that indicates the risk of a certificate that is not valid.

If the program makes the request, Windows 2000 will try to verify the certificate revocation list. However, because a certificate revocation list for the root CA is not verified, Office XP does not request a certificate revocation list of the root CA, regardless of the request by Office XP.

WORKAROUND

To work around this issue, use one of the following methods:
  • Manually install the certificate revocation list to each workstation.

    Note As the certificate revocation list may expire frequently, you may have to repeat this method frequently. This method may not be suitable in large environments.
  • Use third-party public key infrastructure (PKI) add-on software.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to systems that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next service pack that contains this fix.

To resolve this problem immediately, download the fix by clicking the download link later in this article or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question. The global version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date         Time    Size        File name     
   ---------------------------------------------
   10-Apr-2003  19:01	10,138,852  Sharedff.msp
   10-Apr-2003  17:13	 3,959,932  Sharedop.msp
After the hotfix is installed, the following files will have the listed attributes or later: 
   Date         Time   Version      Size       File name     
   -------------------------------------------------------
   10-Apr-2003  07:32  10.0.5208.0  9,939,528  Mso.dll
This fix is a post-Office XP Service Pack 2 (SP-2) fix. To install the fix, you must have Office XP SP-2 installed. For additional information about Office XP SP-2, click the following article number to see the article in the Microsoft Knowledge Base:

325671 OFFXP: Overview of the Office XP Service Pack 2

Additionally, you may have to install Windows Installer 2.0 to install this fix. For additional information about the Windows Installer requirement for post-Office XP SP-2 fixes, click the following article number to see the article in the Microsoft Knowledge Base:

330537 OFFXP: Office XP Updates and Patches Released After September 2002 May Require Windows Installer 2.0

MORE INFORMATION

To access the Digital Signature dialog box in either Word 2002, Excel 2002, or PowerPoint 2002, follow these steps:
  1. On the Tools menu, click Options.
  2. Click the Security tab, and then click Digital Signatures.
  3. Double-click the signature (or select the signature), and then click View Certificate to open the Certificate dialog box.
Modification Type:MinorLast Reviewed:9/27/2005
Keywords:kbHotfixServer kbQFE kbSecurity kbBug KB810370 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.