class %Net.X509Certificate
extends %RegisteredObject
This class can be used to query the SSL PeerCertificate
retrieved by %Net.HttpRequest when SSLCheckServerIdentity is enabled.
It also contains convenience wrappers for the %SYSTEM.Encryption X509 methods.
Passing all the validity checks in this class does not by itself mean the SSL peer certificate
is valid.
property CAFile
as %String(MAXLEN="");
CAFile - Name of a file containing trusted Certificate Authority certificates
Used by VerifyCertChain
property CRLFile
as %String(MAXLEN="");
CRLFile - Name of a file containing Certificate Revocation lists (optional)
Used by VerifyCertChain
property CertChainCheck
as %String(MAXLEN="");
Output from running $SYSTEM.Encryption.X509VerifyCertChain as
executed by VerifyCertChain on Certificate with
CAFile and optional CRLFile
property Certificate
as %Binary(MAXLEN="");
X.509 digital certificate
property LifeSpanCheck
as %Boolean;
Boolean test result of checking whether the number of days between the ValidityNotBefore and
the ValidityNotAfter fields in Certificate is less than the maximum
number of days used by VerifyLifeSpan.
The default maximum is 730 days.
property NotAfterCheck
as %Boolean;
Boolean test result of checking if ValidityNotAfter field in Certificate
is after or the same as the current time.
property NotBeforeCheck
as %Boolean;
Boolean test result of checking if ValidityNotBefore field in Certificate
is before or the same as the current time.
property SSLCNCheck
as %Status;
Status returned by %Net.HttpRequest CheckSSLCN
method when SSLCheckServerIdentity is true.
RetrievePeerCertificate examines the return value of %Net.HttpRequest Send and sets this property
to $$$OK if Send returned $$$OK, or to the SSLCertificateNoMatch or SSLNoCertificate error status
when Send returned one of those errors.
If a different error is returned, SSLCNCheck is left empty.
method Extension(pX509Extension As %String, Output pStatus As %Status = $$$OK)
Convenience method to prepend Extension: to the pX509Extension
before calling Field
method Field(pX509Field As %String, Output pStatus As %Status = $$$OK)
Calls X509GetField on Certificate for the given
pX509Field.
The status of the call is returned in pStatus.
See %SYSTEM.Encryption for documentation on the X509GetField method.
classmethod RetrievePeerCertUsingJSON(pHttpInfo As %DynamicObject, Output pHttpRequest As %Net.HttpRequest, Output pSSLPeerCert As %Net.X509Certificate)
as %Status
Convenience method to call RetrievePeerCertificate using a %Library.DynamicObject
to create the initial %Net.HttpRequest object and provide the other optional parameters.
The structure of the pHttpInfo dynamic object is:
{
  "url": ...,
  "verb": ...,
  "request": {
    "...": "properties of %Net.HttpRequest",
    "Server": "docs.intersystems.com",
    "SSLConfiguration": "ClientSSLConfig"
  }
}
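An added ObjectScript example (not part of the %Net.X509Certificate class or InterSystems' own documentation) of calling RetrievePeerCertUsingJSON with a dynamic object of the shape described above and then reading the server identity check result. It assumes a client SSL/TLS configuration named ClientSSLConfig exists on the instance and that the server is reachable on port 443; the class name Example.PeerCertJSON is the example's own.

```objectscript
/// Added example: retrieve a server's certificate through the JSON entry point
/// and report the outcome of the server identity check (SSLCNCheck).
/// Assumption: a client SSL/TLS configuration named "ClientSSLConfig" exists.
Class Example.PeerCertJSON
{

/// Returns the retrieved %Net.X509Certificate, or "" if none was obtained.
ClassMethod Retrieve(pServer As %String = "docs.intersystems.com", pSSLConfig As %String = "ClientSSLConfig") As %Net.X509Certificate
{
    // pHttpInfo in the documented shape: "request" carries %Net.HttpRequest properties.
    Set info = {
        "url": "/",
        "verb": "OPTIONS",
        "request": {
            "Server": (pServer),
            "Port": 443,
            "SSLConfiguration": (pSSLConfig)
        }
    }
    Set sc = ##class(%Net.X509Certificate).RetrievePeerCertUsingJSON(info, .req, .cert)
    If $$$ISERR(sc) {
        // Transport or unexpected TLS failure: SSLCNCheck is left empty and there
        // is no certificate object to inspect.
        Write "Request failed: ", $SYSTEM.Status.GetErrorText(sc), !
        Quit ""
    }
    If '$IsObject($Get(cert)) {
        Write "Send succeeded but no peer certificate was returned", !
        Quit ""
    }
    // $$$OK means the certificate name matched pServer; otherwise the class stored
    // the SSLCertificateNoMatch / SSLNoCertificate status returned by Send.
    If $$$ISOK(cert.SSLCNCheck) {
        Write "Identity check passed for ", cert.Field("Subject"), !
    } Else {
        Write "Identity check failed: ", $SYSTEM.Status.GetErrorText(cert.SSLCNCheck), !
    }
    Write "Certificate expires: ", cert.Field("ValidityNotAfter"), !
    Quit cert
}

}
```

Because RetrievePeerCertUsingJSON returns $$$OK even when the identity check fails, the example tests SSLCNCheck explicitly rather than relying on the method's return status.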
classmethod RetrievePeerCertificate(ByRef pHttpRequest As %Net.HttpRequest, pURL As %String = "/", pVerb As %String = "OPTIONS", Output pSSLPeerCert As %Net.X509Certificate)
as %Status
Convenience method to make an HTTPS Request that will populate the SSLPeerCertificate
property of %Net.HttpRequest
using a pre-existing %Net.HttpRequest object and instantiate pSSLPeerCert
of type %Net.X509Certificate if the certificate was retrieved or Server identification check failed.
For convenience the property SSLCheckServerIdentity is set to true.
pURL defaults to /
pVerb defaults to OPTIONS
The status returned will be the status returned by the %Net.HttpRequest Send method,
unless the error is $$$SSLNoCertificate or $$$SSLCertificateNoMatch, in which case $$$OK will
be returned and SSLCNCheck will contain the SSL Server Identity Check error.
method RunVerificationChecks(pVerifyCertChain As %Boolean = 1, pLifeSpanMaxDays As %Integer = 730)
as %Boolean
Run the methods:
VerifyCertChain if pVerifyCertChain is true (the default is true)
VerifyLifeSpan using pLifeSpanMaxDays (the default is 730 days)
VerifyNotBefore
VerifyNotAfter
This method returns true if the checks that were run passed
and the initial SSL Server Identity check (SSLCNCheck) passed.
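An added ObjectScript example (not part of the %Net.X509Certificate class or InterSystems' own code) that runs the whole procedure: an HTTPS request through a pre-existing %Net.HttpRequest, RunVerificationChecks with chain verification enabled, and a per-check report drawn from the SSLCNCheck, CertChainCheck, LifeSpanCheck, NotBeforeCheck and NotAfterCheck properties. It assumes pSSLConfig names an existing client SSL/TLS configuration, pCAFile is a bundle of trusted CA certificates on the host, and that a non-empty CertChainCheck is X509VerifyCertChain's error text; the class name Example.PeerCertVerify is the example's own.

```objectscript
/// Added example: full verification of a server's certificate with
/// RetrievePeerCertificate and RunVerificationChecks, then a per-check report.
/// Assumptions: pSSLConfig names an existing client SSL/TLS configuration and
/// pCAFile points at a file of trusted CA certificates on this host.
Class Example.PeerCertVerify
{

/// Returns 1 when every check passed; otherwise writes the failing checks and returns 0.
ClassMethod Verify(pServer As %String, pSSLConfig As %String, pCAFile As %String, pCRLFile As %String = "", pMaxDays As %Integer = 730) As %Boolean
{
    Set req = ##class(%Net.HttpRequest).%New()
    Set req.Server = pServer
    Set req.Port = 443
    Set req.SSLConfiguration = pSSLConfig
    // RetrievePeerCertificate enables SSLCheckServerIdentity and sends OPTIONS / itself.
    Set sc = ##class(%Net.X509Certificate).RetrievePeerCertificate(.req, "/", "OPTIONS", .cert)
    If $$$ISERR(sc) {
        Write "Request failed: ", $SYSTEM.Status.GetErrorText(sc), !
        Quit 0
    }
    If '$IsObject($Get(cert)) {
        Write "No peer certificate retrieved", !
        Quit 0
    }
    // Chain verification needs the trust anchors and, optionally, a CRL file.
    Set cert.CAFile = pCAFile
    Set cert.CRLFile = pCRLFile
    Set ok = cert.RunVerificationChecks(1, pMaxDays)
    If ok {
        Write "All checks passed for ", cert.Field("Subject"), !
        Quit 1
    }
    // RunVerificationChecks only says that something failed; the individual
    // properties say what.
    If (cert.SSLCNCheck '= "") && $$$ISERR(cert.SSLCNCheck) {
        Write "Server identity: ", $SYSTEM.Status.GetErrorText(cert.SSLCNCheck), !
    }
    // CertChainCheck holds the raw X509VerifyCertChain output; this example treats
    // a non-empty value as the verifier's error text (assumption).
    If cert.CertChainCheck '= "" {
        Write "Certificate chain: ", cert.CertChainCheck, !
    }
    If 'cert.LifeSpanCheck {
        Write "Validity period longer than ", pMaxDays, " days (", cert.Field("ValidityNotBefore"), " to ", cert.Field("ValidityNotAfter"), ")", !
    }
    If 'cert.NotBeforeCheck {
        Write "Certificate not yet valid: ", cert.Field("ValidityNotBefore"), !
    }
    If 'cert.NotAfterCheck {
        Write "Certificate expired: ", cert.Field("ValidityNotAfter"), !
    }
    Quit 0
}

}
```

The report is the part worth keeping: a bare 0 from RunVerificationChecks cannot distinguish a hostname mismatch from an untrusted issuer or an expired certificate, and those call for different responses.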
method VerifyCertChain()
as %String
Output from running $SYSTEM.Encryption.X509VerifyCertChain
on Certificate with CAFile
and optional CRLFile.
The return value is also stored in CertChainCheck.
method VerifyLifeSpan(pMaxDays As %Integer = 730)
as %Boolean
Boolean test result of checking whether the number of days between the ValidityNotBefore and
the ValidityNotAfter fields in Certificate is less than the maximum
number of days given by pMaxDays.
The default maximum is 730 days.
The result is also stored in LifeSpanCheck
If an error is encountered retrieving the value of ValidityNotBefore or ValidityNotAfter
from the certificate the returned value is False.
method VerifyNotAfter()
as %Boolean
Boolean test result of checking if ValidityNotAfter field in Certificate
is after or the same as the current time.
The result is also stored in NotAfterCheck
If an error is encountered retrieving the value of ValidityNotAfter from the certificate the returned value is False.
method VerifyNotBefore()
as %Boolean
Boolean test result of checking if ValidityNotBefore field in Certificate
is before or the same as the current time.
The result is also stored in NotBeforeCheck
If an error is encountered retrieving the value of ValidityNotBefore from the certificate the returned value is False.
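An added ObjectScript example (not InterSystems' own code) that runs VerifyLifeSpan, VerifyNotBefore and VerifyNotAfter on a certificate read from a file rather than from an HTTPS response, and that reads the validity fields through Field first so a 0 result is known to be a failed check rather than the unreadable-field case described for each method above. It assumes X509GetField accepts the PEM-encoded file contents as stored; the 398-day limit is a stricter value chosen for the example, and the class name Example.CertFileChecks is the example's own.

```objectscript
/// Added example: run the three time-based checks on a certificate file,
/// distinguishing a failed check from a certificate whose validity fields
/// could not be read (both make the Verify* methods return 0).
/// Assumption: X509GetField accepts the PEM-encoded file contents as stored.
Class Example.CertFileChecks
{

/// Returns 1 if the certificate is currently valid and its lifespan is
/// within pMaxDays; otherwise reports why and returns 0.
ClassMethod Check(pPath As %String, pMaxDays As %Integer = 398) As %Boolean
{
    Set stream = ##class(%Stream.FileCharacter).%New()
    Set sc = stream.LinkToFile(pPath)
    If $$$ISERR(sc) {
        Write "Cannot open ", pPath, ": ", $SYSTEM.Status.GetErrorText(sc), !
        Quit 0
    }
    Set pem = ""
    While 'stream.AtEnd { Set pem = pem _ stream.Read() }
    Set cert = ##class(%Net.X509Certificate).%New()
    Set cert.Certificate = pem
    // Read the validity fields first: if this fails, every Verify* result below
    // would be 0 for the wrong reason.
    Set notBefore = cert.Field("ValidityNotBefore", .sc)
    If $$$ISERR(sc) {
        Write "Not a parseable certificate: ", $SYSTEM.Status.GetErrorText(sc), !
        Quit 0
    }
    Set notAfter = cert.Field("ValidityNotAfter")
    // Each method also stores its result in the matching *Check property.
    // VerifyLifeSpan: NotBefore..NotAfter shorter than pMaxDays
    Set lifeOK = cert.VerifyLifeSpan(pMaxDays)
    // VerifyNotBefore: NotBefore is before or equal to now
    Set startOK = cert.VerifyNotBefore()
    // VerifyNotAfter: NotAfter is after or equal to now
    Set endOK = cert.VerifyNotAfter()
    Write "Valid from ", notBefore, " to ", notAfter, !
    Write "Lifespan within ", pMaxDays, " days: ", lifeOK, !
    Write "Already valid: ", startOK, "  Not expired: ", endOK, !
    Quit (lifeOK && startOK && endOK)
}

}
```

Reading ValidityNotBefore through Field before calling the Verify* methods is the only way to tell the two 0 cases apart, since the methods themselves do not expose the status of the underlying X509GetField call.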