Field of the Invention
Aspects of the embodiments generally relate to an information processing apparatus, a control method for an information processing apparatus, and a storage medium.
Description of the Related Art
An information processing apparatus retains, in a retention unit, a digital certificate signed and issued by a certification authority. The information processing apparatus then transmits the digital certificate retained by the retention unit to an external apparatus so as to perform secure communication. The external apparatus inquires of the certification authority about the digital certificate transmitted by the information processing apparatus and determines whether the information processing apparatus is justifiable as a communication partner. When determining that the information processing apparatus is justifiable as a communication partner, the external apparatus performs secure communication with the information processing apparatus.
An administrator of the certification authority may revoke a digital certificate issued by the certification authority even if the expiration date of the digital certificate has not yet passed. For example, in a case where a private key that is paired with a public key contained in a public key certificate issued by the certification authority has been leaked to the outside of the information processing apparatus, the administrator of the certification authority, upon learning of the leak, revokes the public key certificate.
A verification server discussed in Japanese Patent Application Laid-Open No. 2013-143762 sets update timing (for example, the first day of each month) of revocation information about public key certificates for each certification authority. Then, when a previously-set update timing has been reached, the verification server transmits, to the corresponding certification authority, an acquisition request for revocation information about public key certificates.
The administrator of the certification authority communicates, by e-mail, by telephone, or orally, information indicating that the administrator has revoked a digital certificate retained by an information processing apparatus to the owner of the revoked digital certificate (in other words, the administrator of the information processing apparatus). Then, the administrator of the information processing apparatus, when informed that the digital certificate retained by the information processing apparatus has been revoked, operates an operation unit of the information processing apparatus to replace the revoked digital certificate, which is retained by the information processing apparatus, with a valid digital certificate. Unless the administrator of the information processing apparatus performs the operation to replace the revoked digital certificate with a valid digital certificate, the information processing apparatus may attempt to perform secure communication with an external apparatus while still using the revoked digital certificate. The external apparatus, for its part, inquires of the certification authority about the digital certificate transmitted by the information processing apparatus and determines whether the information processing apparatus is justifiable as a communication partner. Since the digital certificate transmitted by the information processing apparatus has already been revoked, the external apparatus determines that the information processing apparatus is not justifiable as a communication partner. At this time, an error notification indicative of communication denial is sent from the external apparatus to the information processing apparatus as a response. However, the external apparatus does not go as far as notifying the information processing apparatus of the cause of the error indicative of communication denial.
Causes of an error indicative of communication denial include, in addition to a digital certificate having been revoked, a cryptographic algorithm or encryption strength used for cryptographic communication not satisfying a condition set in the external apparatus. Further causes include, for example, an abnormality occurring in the network environment between the information processing apparatus and the external apparatus, and an abnormality occurring in hardware of the external apparatus. On the other hand, unless the information processing apparatus waits until the next update timing of revocation information about digital certificates, or unless it receives an instruction for transmitting an acquisition request for revocation information about digital certificates, the information processing apparatus is not able to recognize that the digital certificate it retains has been revoked.
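The following sketch is an added illustration, not part of the patent text: it models the scheduled-update scheme described above (revocation information fetched on the first day of each month) and shows how long an apparatus keeps presenting a revoked certificate while a communication-denial error stays ambiguous. The class names, the serial value and the dates are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

def next_update(last_fetch: date) -> date:
    """Scheduled update timing: the first day of the following month."""
    return date(last_fetch.year + (last_fetch.month == 12), last_fetch.month % 12 + 1, 1)

@dataclass
class CertificationAuthority:
    revoked: dict = field(default_factory=dict)  # serial -> date of revocation

    def revoke(self, serial: str, when: date) -> None:
        self.revoked[serial] = when

    def revocation_info(self, as_of: date) -> set:
        return {s for s, d in self.revoked.items() if d <= as_of}

@dataclass
class Apparatus:
    serial: str                       # serial of the certificate it retains
    cached: set = field(default_factory=set)
    fetched_on: Optional[date] = None

    def on_denial(self, ca: CertificationAuthority, today: date) -> str:
        """Interpret a communication-denial error using only scheduled updates."""
        if self.fetched_on is None or today >= next_update(self.fetched_on):
            self.cached, self.fetched_on = ca.revocation_info(today), today
        if self.serial in self.cached:
            return "own certificate revoked"
        return "cause unknown"        # algorithm, network, hardware, or stale cache

def blind_window_days(revoked_on: date, last_fetch: date) -> int:
    """Days a revoked certificate stays in use; assumes revoked_on is after last_fetch."""
    return (next_update(last_fetch) - revoked_on).days

def run_demo():
    ca = CertificationAuthority()
    dev = Apparatus(serial="0A1B")    # constructed serial
    first = dev.on_denial(ca, date(2024, 3, 1))     # initial fetch, nothing revoked
    ca.revoke("0A1B", date(2024, 3, 5))
    mid = dev.on_denial(ca, date(2024, 3, 10))      # cache from 1 March is stale
    late = dev.on_denial(ca, date(2024, 4, 1))      # scheduled update reached
    return first, mid, late, blind_window_days(date(2024, 3, 5), date(2024, 3, 1))

if __name__ == "__main__":
    print(run_demo())
```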