Questions tagged [certificate-revocation]

Certificate revocation is the process that ensures certificates that are no longer valid are not accepted by relying clients.

137 questions
1 vote, 0 answers

Invalid DER-encoded CRL data java

I am trying to check if x509 certificate is revoked or not: CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL) cf.generateCRL(crlFile); if (crl.isRevoked(certRSA)) { System.out.println("REVOKED"); } else { …
Madi Sagimbekov
1 vote, 3 answers

Programmatically installing certificate revocation list C#

I am using C#/WCF. I have a web service which shall be invoked by the client. This is the service definition:
Kay
0 votes, 1 answer

Finding out which CA Certificate validated a CRL file authenticity

Given a certain CRL, for example: http://crl.verisign.com/pca1.crl Downloading it, and asking openssl to verify it and show its contents works like a charm: wget http://crl.verisign.com/pca1.crl openssl crl -in ./pca1.crl -inform DER -text verify…
Tom Feiner
0 votes, 0 answers

How to recognize RevocationStatusUnknown or OfflineRevocation errors on X509Certificate validation?

I'm using the IWSTrustChannelContract class to issue a new SecurityToken. I'm creating the WSTrustChannelFactory in this fashion: new WSTrustChannelFactory(...) { TrustVersion = TrustVersion.WSTrust13, Credentials = { …
0 votes, 0 answers

Check certificate revocation status in Spring-WS

I implemented spring-ws application with validation of incoming request by signature action. It works correctly but I would like to enable revocation status verification of certificate by CRL file. But the incoming request always ends with an error…
0 votes, 1 answer

Given an X509 certificate revocation list in PEM format, how do I convert that to a list of serial numbers of revoked certificates?

I am in C#, but I can also do this task manually on the command line if need be. I have an X509 certificate revocation list in PEM format, generated by an HSM (hardware security module). Using openssl from a command line, I can see that the PEM file…
Claus Appel
0 votes, 1 answer

Okta certificate revocation

I am using Okta for SAML sign-on. I need to change the default self-signed certificate of Okta and use a certificate signed by third party. I need this because I need to revoke Okta certificate and check the OCSP flow in my server and check whether…
0 votes, 1 answer

How would you implement a CRL and certificate revocation checks?

How would a certificate authority create and maintain a certificate revocation list? When I browse through some CRLs I notice the number of certificates is huge (e.g. http://crl3.digicert.com/ssca-sha2-g6.crl). Is the CRL maintained/stored as a…
divyanshm
0 votes, 1 answer

How to revoke certificate ".pfx"?

I am using an nginx setup, with a CRL. However, I do not have access to the certificates I want to revoke. Let's say I only know the CN/Thumbprint/... is that feasible? If not, I could have a workaround to actually have access to that certificate,…
Michel
0 votes, 0 answers

OCSP Stapling support in Java 8

We are using Adopt OpenJDK 1.8. We want to enable OCSP Stapling on the server but it looks like it is introduced in OpenJDK 1.9. Does anyone know if there is any plan to backport OCSP Stapling in 1.8 as it is an LTS release? Or are there any other…
Ravindra12jan
0 votes, 0 answers

Import CRL using C# CertAddCRLContextToStore

I am trying to add a crl to my cert store using Win32 api CertAddCRLContextToStore in C#. The below code is not working and failing while trying to parse the crl content to CRL_CONTEXT. Can we do this in any other way? Or am I missing something in…
saravanan
0 votes, 0 answers

Install CRL in windows using C#

I have a CRL file, "Sample.crl". I need to install that into LocalStore using C# in Windows. var decodedCertificateCollection = new X509Certificate2Collection(); var certBytes = File.ReadAllBytes("sample.crl"); …
0 votes, 1 answer

CRL verification recursively

Let's say I have Root CA -> Sub CA 1 -> Sub CA 2 -> leaf certificate. I need to check the revocation status of the leaf certificate by getting all CRLs that are provided by Sub CA 2. If the leaf cert is in the CRL, it means that it's no longer valid. Everything is still…
SoT
0 votes, 1 answer

MariaDB 10.4.13 adding ssl_crl causes error reading authorization packet

I wanted to use certificate revocation lists in my MariaDB database so that I can deny certain clients should I revoke their certificate. I created a certificate authority with openssl using a root CA and intermediate CA that signs the server and…
0 votes, 1 answer

Make MariaDB 10.3 on raspberry pi use OpenSSL instead of yaSSL

I have a raspberry pi setup using Raspbian Buster and created an OpenSSL Certificate Authority I intend to use with a mobile app. The root CA signs an intermediate CA that signs the server certificate for a MariaDB MySql server and using a self-made…