Stack Overflow
Stack Overflow

Questions tagged [certificate-revocation]

Certification Revocation is a process through which we make sure that certificates that are no longer valid are not used by the relying clients

137 questions
0
votes
1 answer

How to obtain certificate revocation URL's?

For firewall purposes, trying to identify the cert revocation URL's for the major root CA's. Are these documented somewhere?
user2368632
  • 990
  • 1
  • 12
  • 33
0
votes
1 answer

x509Chain.build fails, certutil -verify passes

I have a root certificate and a leaf. The leaf has a CRL URL OID extension which points to a valid online location. Doing this: certutil -verify .\leaf.cer fails with ERROR: Verifying leaf certificate revocation status returned The revocation…
serkan
  • 5
  • 1
  • 3
0
votes
1 answer

How do you encode the Certificate Revocation List (CRL) stream bytes in PDF?

I sign a PDF and I add update version in which I write the DSS with its CRLs, Certs, VRI. 19 0 obj [15 0 R 16 0 R] endobj 20 0 obj [13 0 R 14 0 R] endobj 11 0 obj [15 0 R 16 0 R] endobj 12 0 obj [13 0 R 14 0 R] endobj 17 0 obj << …
Petru Avramescu
  • 29
  • 7
0
votes
1 answer

How to get revocation status of an X509 certificate with DSS?

I am trying to validate an X509 certificate based on its revocation status using DSS framework, where do you find it? I am using this piece of code to validate the certificate with CRL and OCSP. I want to find out if the toValidateToken has been…
Posfay
  • 3
  • 3
0
votes
1 answer

How to check the Certificate Revocation Lists (CRL) of Android's KeyStore?

I want to use Android's hardware KeyStore feature, so I used a Pixel3 phone to get the certificate chain of the KeyStore object, as seen in this article. Looking at one specific .cer file for example, the CRL Distribution Point is…
emilanov
  • 362
  • 4
  • 15
0
votes
1 answer

add revocation detail in pdf while signing same

I am have digitally signed a pdf using digital token attached in pc using libarary itext sharp to append same, when i open same in adobe reader it shows revocation can not be performed and when i see details then it shows that one of the issuers…
Urmi_VV_Developer
  • 71
  • 12
0
votes
1 answer

Python cryptography: update an existing CRL with additional revoked certificates

I am trying to add additional certificates to an existing CRL using the Python cryptography project: https://cryptography.io/ Looking at the docs for the CRL builder I don't see a way to load an existing CRL, make additions with…
Joenarr Bronarsson
  • 515
  • 2
  • 5
  • 20
0
votes
0 answers

Certificate Revocation check failing in Windows Server 2016

Command certuil.exe -verify fails with the error - 'Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)' in Windows server 2016. The error is not seen in 2012 \ 2008. Any help would be appreciated.
Shravan T S
  • 1
  • 1
0
votes
1 answer

How to insert entries into a Certificate Revocation List

I have an existing CRL that I would like to use with my apache instance via the SSLCARevocationPath directive. In order to test it and ensure it's working, I want to add an entry in the CRL for my own PIV cert information. This entry would look like…
EgerStu
  • 25
  • 7
0
votes
2 answers

Disable CRL check for VB6 applications

One of our customers has an issue with our applications - they take about 2 minutes to start. I ran Process Monitor along with one of the simplest applications and found out the process is trying to connect to verisign.com. The computer running the…
pilvikala
  • 66
  • 1
  • 5
0
votes
1 answer

Converting a Certificate Revocation List (CRL) file from .crl to .pem extension - Python 3

I am developing a Python 3.4 application component which checks if a URL's certificate exists in the CRL provided by its CA. I am using a cryptography package to load a certificate as well as the CRL. Below is the section of the code; from…
popNT
  • 31
  • 3
0
votes
1 answer

Windows LDAP client - enabling revocation via CRL

I am using the Windows LDAP client DLL (wldap32.dll) to connect to a remote LDAP server. The connection is done over TLS (LDAPS protocol over port 636). My problem is with enabling CRL revocation. I have found that it's possible to set the schannel…
Amit
  • 173
  • 1
  • 1
  • 9
0
votes
1 answer

OpenSSL: Verifying a certificate against a CRL returning "unable to get issuer certificate" on OS X 10.11.6 El Capitan

I am using following script to verify the certificate against crl on OS X 10.11.6 El Capitan. host=wikipedia.org port=443 openssl s_client -connect $host:$port 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > $host.pem crlurl=$(openssl x509…
MUsman
  • 1
  • 3
0
votes
1 answer

Certificate Revocation of Java Application

I have a Glassfish application which is using SSL Certificate authorized by private CA. When I launched a Glassfish application in client within intranet (without internet connection), it will prompt me errors (See Image1). Both errors show that…
user.tan
  • 1
  • 1
0
votes
1 answer

Certificate Revocation handling with CRL in Vertx and Java

I'm using Vertx v3.4.1 with vertx-rx-java to run my server. I have to enable certificate based authentication (mutual authentication), hence trying to handle certificate revocation check in the server side. I'm trying to use addCrlPath method of…
ramtech
  • 757
  • 6
  • 15
1 2 3
9 10