Online Certificate Status Protocol
Standardized by IETF RFC 2560, the PKIX Online Certificate Status Protocol defines a protocol for requesting the revocation status of a digital certificate.
Questions tagged [ocsp]
210 questions
0
votes
1 answer
Embedding OCSP certificate status in PDF signature: not working when the OCSP responderCert != issuerCert
In order to sign a PDF i use signDetached.
...
OcspClient ocspClient = new OcspClientBouncyCastle();
MakeSignature.signDetached(appearance, digest, pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter);
The PDF is signed without…
G00s2
- 3
- 3
0
votes
1 answer
Validation of certificate in java 5?
I am looking for an example for OCSP validation of client certificate in java 5. Also how the configuration in java.security file is used for this purpose?
Deep
- 5,772
- 2
- 26
- 36
0
votes
1 answer
How to Send OCSP Request and receive OCSP response on Mobile Phone
I need to make comparison (on the basis of time) on OCSP request/response between a mobile device and desktop clients. I understand that one can use OpenSSL and other similar command line tools to check OCSP on desktop clients. But I don’t know how…
Durojaiye Luqman
- 31
- 1
- 4
0
votes
0 answers
crl vs ocsp revocation with iText
I have read all the white papers on the subject, successfully signed certified and time stamped my pdf document, but confusion arises when I want to do revocation.
When I don't implement crl or ocsp in my signature properties/revocation I get that…
caniaskyouaquestion
- 657
- 2
- 11
- 21
0
votes
1 answer
Where does Java webstart expect the OCSP responder URI?
Since Java 1.7.0_51 Java webstart refuses to run applications that are not signed by a trusted authority. Now we have our application signed by a certificate that itself is signed by a trusted CA.
However we still get the warning that the revocation…
radlan
- 2,393
- 4
- 33
- 53
0
votes
1 answer
OCSP_basic_verify:signer certificate not found with my own ocsp responder
I'am developing my own OCSP responder.
First, I just want to send an OCSP request with openssl to my responder and receive a correct answer.
I have a CA certificate CA.crt and its son RC.crt. I want to check status certificate of RC.crt.
My…
Dinou
- 51
- 1
- 6
0
votes
1 answer
How to Disable the Check for Server Certificate Revocation in windows phone 8
In my wp8 app,
I enter a open wifi which is operated by communication operator
blocked by a portal page that needs using account and password to log in
after I post some data to a https url
I have the ability to use the wifi network to access…
IloveIniesta
- 342
- 4
- 20
0
votes
1 answer
Set up responder url(s) for OpenAM OCSP validation
I am trying to configure OpenAM 12.0.0 Build 8410 with OCSP validation
user. According to documentation, openam should pull ocsp responder address
from AIA of my certificate. However, in my case it does not pull, still
gives out CertPath:verify…
Bigyellowbee
- 123
- 1
- 12
0
votes
1 answer
Active Directory Certificate Services - OCSP responder web proxy cache entries sync between nodes
I use Windows 2012 ADCS and I have a cluster of OCSP responders with 2 nodes.
The OCSP cluster share a single revocation configuration.
I have read into documentation that revocation configuration is synchronized between members of an Array but I…
righettod
- 225
- 1
- 3
- 15
0
votes
1 answer
make OCSP response unique
I sign document with PADES LTV Profile. Signer library is written base on Pdfbox library.
I have one problem.
In PADES LTV profile, the final revision must be checked in online (It means that OCSP responses, CRLS and certificates of this revision…
grep
- 5,465
- 12
- 60
- 112
0
votes
3 answers
nginx proxy doesn't cache OCSP responses
I want to use nginx as a caching proxy in front of an OCSP responder. 'An OCSP request using the POST method is constructed as follows: The Content-Type header has the value "application/ocsp-request" while the body of the message is the binary…
jans
- 1,768
- 3
- 17
- 22
0
votes
1 answer
How to use OCSP responses in validation of CertPath
I don't want the Java validator to contact the OCSP responder.
I'm working on XAdES library, as such I'll need to use OCSP responses that somebody saved in the XML document to validate if the signatures were valid at some time in past. That makes it…
Hubert Kario
- 21,314
- 3
- 24
- 44
0
votes
0 answers
Preventing .NET from checking code signing certificate's revocation status for certain assemblies
I'm looking for a way to instruct the .NET runtime, that it shall not check online the revocation status of a code signing certificate with the respective certification authority for certain assemblies. These assemblies run within a SharePoint 2010…
Ondrej Tucny
- 27,626
- 6
- 70
- 90
0
votes
0 answers
How to initialize X509_STORE object in OpenSSL?
I'm trying to implement OCSP functions of OpenSSL as described here and it requires X509_STORE object as a parameter. I have x.509 certificate that I want to check revocation status for, it's issuer certificate and the URL of the OCSP host.
How to…
Elvin R.
- 852
- 1
- 10
- 20
0
votes
0 answers
How to obtain the OCSP revocation status of an X.509 digital certificate using OpenSSL in Objective-C?
How to check revocation status of x509 certificate (which I currently have in .cer format) using Objective-C (iOS) and OpenSSL OCSP library?
Elvin R.
- 852
- 1
- 10
- 20