Checking a X509 Certificate Revocation

孤街浪徒 提交于 2021-02-19 06:41:14

问题


Is it possible to check any X509 Certificate if it is revoked or not? Actually, I made a Java application that just gets a regular https link and outputs the X509 certificate. I want to add a service in my application that check if this certificate has been revoked or not?

Is there a tutorial or a simple code to start with that can guide me to do that.

Thank you in advance


回答1:


Yes, of course the revocation status can be checked. If you want to do this "by hand", you need to extract the corresponding information from the certificate extensions, then retrieve the CRL or send the OCSP request.

But this is a very complex method, because it involves validation of signatures and certificates of the CRL and of the OCSP response.

Simpler ways are to use some existing mechanism. The answers ( https://stackoverflow.com/a/8507905/47961 and https://stackoverflow.com/a/10068006/47961) seem to provide some links and solutions.

If you need more control, BouncyCastle seems to have some validation mechanisms. Our SecureBlackbox offers powerful and flexible certificate validator as well (and it includes OCSP and CRL checks).



来源:https://stackoverflow.com/questions/21637708/checking-a-x509-certificate-revocation

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!