Questions tagged [certificate-revocation]

Certificate revocation is the process of making sure that certificates that are no longer valid are not used by relying clients.

137 questions
6 votes, 1 answer

X509Certificate2.Verify() method, validating against revocation list and performance implications of it

I want to validate the X509 certificate. And I thought to go for X509Certificate2.Verify() method. However, the documentation does not tell anything about what all things it verifies. Please direct me to some documentation which provides details…
Learner
5 votes, 3 answers

Revoking an expired certificate

Is revoking an expired certificate a good approach? An expired certificate is considered an invalid certificate, but it is possible to revoke it. Since it is possible to revoke it, it should be a valid approach by the CA. Doesn't the CA consider if…
5 votes, 3 answers

Create CRL file with Bouncy Castle C#

I've built my own root CA certificate with Bouncy Castle, and I'm using it to build other certificates. I want to build a Certificate Revocation List (CRL) to include the list of revoked certificates, using Bouncy Castle C#. Example: //Retrieve CA…
Julio Loizaga
4 votes, 0 answers

Using CRL in Springboot

I'm trying to set up a secure REST server with SpringBoot. (2.4.2) I am using: server.ssl.enabled=true server.ssl.client-auth=need And I managed to use CRL by using a ConfigurableServletWebServerFactory in my AppConfiguration: @Bean …
4 votes, 1 answer

Is there a way to check and clean Certificate Revocation List cache for ASP.NET Core application that is dockerized and run under the Linux?

We need to implement checks of client certificate validity in our ASP.NET Core 2.X application that is dockerized and run under Linux. In particular, we are interested in revocation status of certificates. Such validation was implemented by using…
4 votes, 0 answers

Win32 API Certificate CRL-ONLY revocation check

I need to perform certificate revocation checks. The user must be allowed to select either OCSP-only, CRL-only, or both. The project is using C#, but .NET does not offer independent OCSP/CRL checks out-of-the-box. By default, Windows first checks…
3 votes, 0 answers

Certificate CRL check in OSX

I am trying to do a CRL check on macOS Catalina. I am doing exactly the same as what is mentioned in https://developer.apple.com/forums/thread/97740 SecPolicyRef revPolicy = nil; revPolicy = SecPolicyCreateRevocation(kSecRevocationCRLMethod |…
3 votes, 1 answer

Run App Blocked Due To Certificate Revocation

I'm running Windows 10 Pro with the latest updates. Just today I started having an issue with a piece of legacy software: Wise (used to make installers). When I try to run it, I get the below error: "This app has been blocked for your Protection"…
bruestle2
3 votes, 1 answer

Enable SSL certificate revocation checking in OpenJDK 11

Is there some quick "declarative" way in Java 11, instead of a tedious manual implementation, to enable checking if a certificate is revoked? I tried to use properties from this answer: Check X509 certificate revocation status in Spring-Security…
3 votes, 1 answer

openssl CLI - verify CRL of an entire certification chain

I'm using OpenSSL to verify signed code in a custom PKI. How can I verify the CRL of each node of the cert hierarchy? My hierarchy is: RootCA -> SubCA1 -> SubCA2 -> EndUser. I can verify the CRL for one depth chain: ~/$ cat RootCA.crl.pem…
dvr33
3 votes, 1 answer

Signature validation with CertPathValidator including CRL revocation

In the context of validating a signature, I want to verify the validity of the signing certificate at the time when the document was signed. I realized that the CRL revocation check method is not used if I specify a past date while if I used current…
3 votes, 0 answers

CRL check during SSH connection

I have an Android application where I use HttpURLConnection for SSL connection to my server. The server certificate contains CRL Distribution Points with valid URI. This certificate was revoked and CRL by URI contains this information. But I don’t…
IrM
3 votes, 1 answer

Verifying a certificate against a CRL via OpenSSL: Unable to get certificate CRL

I am having a problem about verifying a certificate against the CRL that was created by the same CA that created the certificate. I have created my own certificate authority (CA) and an intermediate CA. By using this intermediate CA, I created…
3 votes, 2 answers

Is there a (simple) way to parse CRL in Python?

I'm trying to do something stupid: load a CRL and output the list of revoked certificates serials. With M2Crypto loading the CRL is done with: import M2Crypto crl = M2Crypto.X509.load_crl('my.crl') But I'm really surprised that the returned object…
ohe
3 votes, 1 answer

How to enable OCSP in X509TrustManager?

System.setProperty("com.sun.net.ssl.checkRevocation", "true"); Security.setProperty("ocsp.enable", "true"); Is setting these properties really sufficient to enable OCSP? If so, then why do we need Bouncy Castle OCSP support instead of just setting…
mdavid