certificate-revocation

问题 I am developing a Python 3.4 application component which checks if a URL's certificate exists in the CRL provided by its CA. I am using a cryptography package to load a certificate as well as the CRL. Below is the section of the code; from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.x509.oid import ExtensionOID from cryptography.x509.oid import NameOID import urllib.request URL = "www.xxx.com" cert_str = ssl.get_server_certificate((URL

问题 I am developing a Python 3.4 application component which checks if a URL's certificate exists in the CRL provided by its CA. I am using a cryptography package to load a certificate as well as the CRL. Below is the section of the code; from cryptography import x509 from cryptography.hazmat.backends import default_backend from cryptography.x509.oid import ExtensionOID from cryptography.x509.oid import NameOID import urllib.request URL = "www.xxx.com" cert_str = ssl.get_server_certificate((URL

问题 Is there some quick "declarative" way in Java 11, instead of a tedious manual implementation, to enable checking if a certificate is revoked? I tried to use properties from this answer: Check X509 certificate revocation status in Spring-Security before authenticating with this dummy revoked certificate: https://revoked.badssl.com but the code always accepts the certificate. Am I doing something wrong or these properties are no more actual for Java 11? If so, do we have any alternatives? Below

问题 I try to use X509Certificate2.Verify() function to check if a certificate chain is valid. The Verify function returns false and the ChainElementStatus returns "RevocationStatusUnknown". Is there a way to use the Verify function without the check of the RevocationStatus? The RevocationStatus can't be checked without internet connection? Is there a other function to check the chain and certificates wihtout the RevocationStatus? A dirty solution, is to check if the RevocationStatus is the only

问题 I'm trying to make a certificate revocation list using the python cryptography library. So far I haven't been successful. I am able to generate the certificates with the same library. The certificates work because I am able to use them for a connection with MQTT. The problem is when I try to revoke one of the certificates. Then no connection works and I receive an error: It would be nice if someone tell me what I am doing wrong. Thanks in advance. This is my code: # THIS CERTIFICATE I WANT TO

问题 I sign a PDF and I add update version in which I write the DSS with its CRLs, Certs, VRI. 19 0 obj [15 0 R 16 0 R] endobj 20 0 obj [13 0 R 14 0 R] endobj 11 0 obj [15 0 R 16 0 R] endobj 12 0 obj [13 0 R 14 0 R] endobj 17 0 obj << /CRL 11 0 R /Cert 12 0 R >> endobj 18 0 obj << /5F44CF6F351DFD45FB62F3D0ED046408BC892797 17 0 R >> endobj 21 0 obj << /VRI 18 0 R /CRLs 19 0 R /Certs 20 0 R >> I am confused about how should I write the Certificate and CRL streams. 15 0 obj << /Length 1454 /Filter

问题 I am have digitally signed a pdf using digital token attached in pc using libarary itext sharp to append same, when i open same in adobe reader it shows revocation can not be performed and when i see details then it shows that one of the issuers certificate's revocation is not checked with error : error encountered while BER decoding. path to my plain signed pdf: https://www.sendspace.com/file/vqgl53 As a solution i thought if i can add CRL information itself in document(my plain signed pdf)

问题 I've build my own root CA certificate with Bouncy Castle, and I'm using it to build other certificates. I want to build a Certificate Revocation List (CRL) to include the list of revoqued certificates, using Bouncy Castle C#. Example: //Retrieve CA root certificate X509Store CAstore = new X509Store(StoreName.Root, StoreLocation.CurrentUser); CAstore.Open(OpenFlags.ReadWrite | OpenFlags.OpenExistingOnly); X509Certificate2Collection x509Certificate2Collection = CAstore.Certificates.Find

问题 Is there any issue, if I revoke my development certificate regularly (10 times / month) ? Let consider I'm developing 3 application using different systems with 1 development certificate and 3 provisioning profiles . Regularly I'm adding new devices to all our provisional profiles . When installing provisioning profile in other 2 machines, Xcode Organizer shows an warning as " A valid signing identity matching this profile could not be found in your keychain " . So i just revoked my earlier

问题 I'm having problems using openssl to create a x509 certificate containing a crl distribution point for testing. I've checked the documentation and found the configuration setting crlDistributionPoints for this purpose. Unfortunately openssl always generates x509 version 1 certificates without instead of version 3 certificates with the crl distribution point. I'm sure something is wrong with my command or the configuration but reading the documentation carefully and playing around with the