0

SignedCms.ComputeSignature(cert) is very slow at the first request (rather intermittent) ,sometimes taking 20 sec. Tried the solution below, but didnt work since we cannot avoid that part of signature.

Message Signing using X509 certificate

Can anyone please throw some light on why this statement is very slow and is there any resolution for it.

Community
  • 1
  • 1
sreejithpin
  • 181
  • 1
  • 1
  • 5

1 Answers1

0

Most likely this issue is related to signer (and counter-signer, if available) certificate validation, which requires chain building and revocation checking by downloading required objects (certificates, CRLs, OCSP). Network retireval may cause such delays. In addition, there might be issue with CDP/AIA extension URLs which contain inaccessible URLs.

What I would suggest to do: extract signer certificate to a file and run certutil command against this file:

certutil -verify -urlfetch path\signer.cer

and examine output. Pay attention to URL retrieval information. If presented, repeat this command against counter-signer (timestamp) certificates. If necessary, post certutil output here to get additional help.

Crypt32
  • 12,850
  • 2
  • 41
  • 70
  • Sorry for the delay, Also I forgot to mention one thing. We are seeing this poor response time at regular interval (once in every 20 - 25 min).This happens when we use Active Directory Service account configured with IIS app pool. However if we configure Local System as App pool User this issue is negligible in magnitude, but frequency remains same. – sreejithpin Feb 24 '16 at 14:07