Questions tagged [certificate-revocation]

Certificate revocation is the process that ensures certificates that are no longer valid are not used by relying clients.

137 questions
3
votes
0 answers

Programmatically create a CRL using OpenSSL

I am trying to write a certificate managing application for an embedded system running on Linux using OpenSSL. I was able to implement certificate verification using my own certificate store. I am stuck at generating my own certificate revocation…
thilinaur
3
votes
0 answers

What's the appropriate process for performing a manual CRL check in a Mule flow?

For specific supplier reasons we need to perform a manual certificate revocation check in code. The code to perform the check is largely complete, the only part we are needing to do is pull the certificate out of the flow and verify it prior to any…
Adam Naylor
3
votes
1 answer

Revocation Certificate GPG

I have a problem understanding the sense of a revocation certificate in gpg. If I create a revocation certificate of my key, if it's stolen or lost, I can import it and my key is now revoked. If I upload my key now to a keyserver, my key should not…
AndyB
3
votes
1 answer

How to check for revocation list only from the CRL?

I am using WinVerifyTrust to verify a file signature. The connection to the internet is very bad so I want to check only the local cache. The problem is that I am confused about how I should set the parameters in WinTrustData regarding…
user844541
2
votes
1 answer

Parsing a certificate revocation list in nodejs

I need to parse a crl (pem formatted) to check which certificates are revoked. I used to do this using this example, which worked fine until I switched to typescript. Now, I have import { fromBER } from 'asn1js'; import { CertificateRevocationList }…
Alb
2
votes
0 answers

How to add CRLs to caStore created by Node-forge

I have created a caStore and want to add CRLs to it so that the caStore can reject the same when it comes across them. I have looked everywhere but am unable to find the same const pki = forge.pki; const asn1 = require('asn1js'); let caStore =…
2
votes
1 answer

How to enable OCSP stapling on java TLS server?

This post is cross-posted, so make sure you check for updates in coderanch. I'm quite stuck implementing OCSP revocation checking on my client/server application, I managed to make client-side OCSP work, I implemented my own OCSP responder with…
Alex
2
votes
0 answers

Copy a CRL that was created in Go

I created a CRL in Go (parsed it into PEM) and now I want to re-create the exact same CRL in Java (to obtain the same PEM). However, I'm not sure how to do this, I find that the CRL classes in Go and Java are very different. I created the CRL in…
2
votes
1 answer

Does X590Certificate.Build use OCSP if ChainPolicy RevocationMode Online is used?

If you have code like the following: is OCSP used for the 'online' revocation check? X509Chain ch = new X509Chain(); ch.ChainPolicy.RevocationMode = X509RevocationMode.Online; ch.Build (certificate); The API documentation is not explicit about…
2
votes
0 answers

Spring Boot doesn't pick up customized trustManager

I work on a web API based on Spring Boot 2.0.3, and have already enabled SSL with self-signed certificates through application.properties. I added a new feature to validate a local CRL and a customized trustManager, but Spring Boot doesn't pick up the code. Could you…
Max
2
votes
1 answer

C# X509Certificate2.Verify without revocation test

I try to use X509Certificate2.Verify() function to check if a certificate chain is valid. The Verify function returns false and the ChainElementStatus returns "RevocationStatusUnknown". Is there a way to use the Verify function without the check of…
2
votes
1 answer

Add CRL (certificate revocation list) URL to certificates

I am generating the root CA using the commands below: openssl genrsa -aes256 -out ca.key.pem -passout pass:KeyPassword 4096 openssl req -key ca.key.pem -passin pass:Password -new -x509 -days 365 -sha256 -out ca.root.pem and then I'm creating signed…
2
votes
1 answer

Excel - Revocation information for the security certificate for this site is not available

I am opening an XLS file over https (which runs over TLS 1.1). While opening the file, I am getting the error "Revocation information for the security certificate for this site is not available". If I uncheck "Internet Explorer -> Tools > Internet Options…
2
votes
1 answer

Issue creating a new CRL in OpenSSL

I am creating a 3rd party application using OpenSSL to create a new certificate revocation list for an embedded system. Here is my code crl = X509_CRL_new(); X509_CRL_set_version(crl, CRL_VERSION); X509_NAME *id = X509_NAME_new(); …
thilinaur
2
votes
0 answers

Is there a Java property to set the location of the CRL files instead of using CRL Distribution Point extension in X509 Certificate

Is there a Java (JDK8) property that can be used to provide CRL support to point to a file or directory containing lists? I have looked into com.sun.net.checkRevocation and com.sun.security.enableCRLDP properties, and it appears that the…
Usha