Stack Overflow
Stack Overflow

Questions tagged [certificate-revocation]

Certification Revocation is a process through which we make sure that certificates that are no longer valid are not used by the relying clients

137 questions
1
vote
0 answers

BouncyCastle FIPS mode - check SSL certificate revocation using CRLDP

I am using bouncyCastle library with FIPS mode enabled for SSL communication. So, I have only 3 providers in java.security file as…
keenUser
  • 1,279
  • 3
  • 16
  • 33
1
vote
1 answer

CRL validity openssl

I need to verify that the downloaded crl is actually the one generated by the CA, and not modified by a potential attacker. is there any way to verify this with openssl commands from linux os? In other words, i need to verify CRL signature against…
Da Nio
  • 302
  • 1
  • 6
  • 16
1
vote
0 answers

Updating Hyperledger Fabric peers/channels when revoking a certificate of a user

I am trying to implement a Hyperledger Fabric 2.0 network, on which users' certificates are going to be potentially revoked at some point in time. I am able to successfully revoke certificates and update local clients' msp with the new CRL. I cannot…
Ciro Alvaro
  • 33
  • 3
1
vote
1 answer

Revoking users in Hyperledger Fabric

I am working on a Hlf Project and am trying to revoke a user certificate. I am using the node sdk with the vscode ibm extension tool. So far i got to the point that i can revoke users via the sdk. Then i'll need to generate the CRL and update the…
ArtWes
  • 11
  • 1
1
vote
1 answer

Verify certificate chain against CRL with openssl

I'm trying to learn about certificate and CRL handling, so I created the following example certificate chain: Root CA (self-signed) → Intermediate CA (signed by Root CA) → Server Cert (signed bei Intermediate CA) Now I would like to test certificate…
ahuemmer
  • 1,653
  • 9
  • 22
  • 29
1
vote
1 answer

x509Certificate revocation check using RemoteCertificateValidationCallback in C#

In my C# project I pass a custom implementation of the RemoteCertificateValidationCallback delegate to an SslStream. It is then used to validate a server certificate. The custom implementation checks the sslPolicyErrors flag that the default…
JonyVol
  • 366
  • 1
  • 9
1
vote
0 answers

Does Java Check cRLSign KeyUsage bit for CRL Issuing Certificates?

I'm using Java implementation for revocation checking using CRL which is like the following code (I tailored the code to be short and clear) TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); CertPathBuilder cpb =…
user111111i88
  • 11
  • 3
1
vote
1 answer

Checking certificate by x509Crl.IsRevoked() method in BouncyCastle library in C#?

I'm trying to check the certificate with its revocation list (crl-file). In BouncyCustle library there is a method x509Crl.IsRevoked(), that should be used for this. The point is that it gets x509Certificate object as a parameter, but I can't…
Alex Ilyin
  • 87
  • 9
1
vote
0 answers

Make "crlFile" property in tomcat dynamic

For performing client certificate authentication(SSL) at server side for revocation, we can add property crlFile in tomcat connector. But this process is static means if the crlFile in that location updates, tomcat wont pick new CRLs it still binded…
harish chava
  • 252
  • 2
  • 19
1
vote
1 answer

Understanding Certificate Revocation Lists

Im trying to get my head around how Certificate Relocation Lists operate and how they update. So say my server xyz.com has a certificate with a CRL Distribution Point configured as myissuer.com/thelist.crl Now ive monitored the communication on my…
CathalMF
  • 9,705
  • 6
  • 70
  • 106
1
vote
0 answers

Revoke existing certificate in openssl

I have created openssl certificates so i have .crt and .key file. If I want to add those certificates in existing certificate revocation list then how can we do that ? I have tried with below code. #include #include #include…
Neel
  • 451
  • 1
  • 9
  • 23
1
vote
0 answers

Certificate and key abuse

I made a mistake several years ago by uploading OpenSSL certificate key (.pem and .pk8) into a blog post. The key was used to sign Android apk using SignApk.jar tool. Someone took it and used the key to sign malware apps and the bad story was i put…
Lorensius W. L. T
  • 1,734
  • 4
  • 19
  • 31
1
vote
1 answer

Azure certificates and certificate revocation lists (CRL)

All, Does anyone have a best a view on best practice for CRL usage on Azure? Background: Azure hosted service that uses Client certificates for authentication. We have a CA (that we own, manage and trust) and issue a chained certificate to a client…
Aidanapword
  • 288
  • 1
  • 13
1
vote
0 answers

Behavior of Firefox when self signed certifcate in the server is changed

I have a webserver (running on a small embedded device) which issues self signed certificate. Firefox connects to the server and the page is loaded fine. We have a web client that continuously requests data from the server. When the server…
Nagesh Hegde
  • 11
  • 1
1
vote
0 answers

Iphone Push Notification: Certificate revoked

I've an Iphone application made with Titanium, I've enabled notifications. In order to send the notifications (sandbox) I'm using https://github.com/simonwhitaker/PyAPNs, everything was working great. But suddenly when I try to send a…
Félix
  • 53
  • 1
  • 5
1 2 3
9 10