问题
I would like to use OCSP checking for the certificate which is coming from the server during TLS handshake.
I am using Bouncy Castle as provider for OCSP implementation and BC verification methods want X509Certificate as parameter generally.
So; how can I follow and get incoming certificate chain at Java side and fetch it?
Thanks for your help.
回答1:
You can use HttpsURLConnection.getServerCertificates and cast the result to X509Certificate
HttpsURLConnection connection = ...
Certificate chain[] = connection.getServerCertificates();
X509Certificate cert = (X509Certificate)chain[0];
来源:https://stackoverflow.com/questions/51278027/getting-certificate-chain-from-tls-for-using-ocsp