Questions tagged [certificate-revocation]

Certificate revocation is the process of ensuring that certificates that are no longer valid are not used by relying clients.

137 questions
1 vote, 1 answer

CRL check in Java

I have a CertStore configured with locally stored CRLs. I want to carry out certificate validation using these locally stored CRLs only. In case the incoming connection's certificate does not match against any of these CRLs, it should not try to…
supraja
1 vote, 2 answers

unable to get certificate crl

I want to configure SSL in Apache server with client and server authentication and CRL. Client and server certificates are working perfectly without CRL (SSLCARevocationCheck none) but if I enable CRL, I keep getting the following error in…
Patrice
1 vote, 1 answer

getting serial number from CRL list

I have a revoked.crl Certificate Revocation List with some entries. How do I retrieve the serial number from it? When I use the revoked method, it returns an array of entries like "#OpenSSL::X509::Revoked:0x007f944b1fd0d8". Can anyone tell me how to parse this…
Kavi
1 vote, 1 answer

How to check client certificate revocation during validation process with local CRL file (C#)

I am trying to validate a client certificate using HttpClientHandler.ServerCertificateCustomValidationCallback. I have built my x509chain with my ChainPolicy parameters. I have my CRL (.pem) file locally and I would like to add it to the revocation…
1 vote, 1 answer

Java set default value for CRL path

How to set the default CRL path in Java? As of now, for certificates not containing a CRL distribution point, I get this: PKIX path validation failed: java.security.cert.CertPathValidatorException: Could not determine revocation status. I've tried the…
1 vote, 0 answers

CryptoAPI and CRLs

I'm facing problems with CryptoAPI's certificate chain validation, in particular with the revocation check. The problem is that I'm working under Windows CE (with no internet access), and CryptoAPI does not export CRL APIs for it.…
1 vote, 0 answers

What policy is NSURLSession using for its NSURLAuthenticationChallenge serverTrust?

Under the SecPolicy header, the SecPolicyCreateRevocation documentation states that "Note: it is usually not necessary to create a revocation policy yourself unless you wish to override default system behavior (e.g. to force a particular…
qnoid
1 vote, 0 answers

OCSP and CrlClient take around 1 hour to complete revocation checking

I am trying to check for revocation of my certificate. I have a CAcert certificate. It takes around 1 hour for crlClient and also for OCSP to complete revocation checking of the certificate.
Shubham Gupta
1 vote, 1 answer

Detect end of CRL file when downloading across established tcp connection

For various reasons, I am trying to download a CRL file using crude tools in C. I'm opening a tcp connection using good old socket(), sending a hardcoded plaintext http request via send(), reading the results into a buffer via recv(), and then…
Ben Barden
1 vote, 1 answer

Certificate revocation list in LDAP

I need to store a Certificate Revocation List in an LDAP server (OpenDJ). I have used the ldapmodify command to store a certificate in the LDAP server by adding entries to LDIF files. However, I am not really sure how to go about adding a revocation list…
sunsin1985
1 vote, 1 answer

CRL or OCSP for self-run certificate authority and Android users

Which one is easier to use? I wonder if there is an easy yet durable solution for getting my users (Android phones) to be able to verify if another user's certificate is not revoked. After reading on the net, I am still confused if it is better to…
1 vote, 1 answer

x509Chain revocation check failing on revoked but valid certificate

I cannot find any answers that address my exact situation so apologies if this is a duplicate. I am attempting to validate the certificate that we use to digitally sign our files which is working ok up to the point we revoke the certificate. That…
Akuma
1 vote, 0 answers

Include reason per certificate when revoking using openssl

Is there any way to include a certificate revocation reason? I've found the way to do it for the CRL but I want to include one every time I revoke a certificate. I have tried: openssl ca -revoke jlanza@a.b.es.crt.pem -crl_reason keyCompromise…
jlanza
1 vote, 2 answers

Is there any benefit to enabling/disabling the CRL check in IIS 7?

Currently in our environment, we have CRL checking enabled for ADFS, but do we also need to leave CRL checking enabled for IIS7.5? Our IIS server is set up behind a firewall for outgoing traffic only, no incoming traffic. Are there any…
WeirdG
1 vote, 2 answers

Validate client certificate against Certificate Revocation List in Tomcat 7

What is the common way of client certificate validation against CRL in Tomcat? One possible solution: Update server.xml, set up connector, set up key and trust store, and there is crlList parameter. There are 2 issues with that approach: Maintenance…
dejanmr