Questions tagged [ocsp]

Online Certificate Status Protocol

Standardized by IETF RFC 2560, the PKIX Online Certificate Status Protocol defines a protocol for requesting the revocation status of a digital certificate.

210 questions
5 votes, 1 answer

C# How to send OCSP Request correctly using bouncy castle library?

OCSP request does not fall into the Audit log table when I send it using Bouncy Castle library. I don't understand why? What is wrong with my code and how to solve it? I have a client certificate and issuer certificate. I create two…
Freeedy
5 votes, 4 answers

Java Bouncy Castle OCSP Url

I am using bouncy castle 1.48 to verify certificate validation with OCSP. It works good. But I'm using Ocsp Url as static variable and I want to read it from certificate. Url is written in certificate as Authority Info Access [1]Authority Info…
nikodz
5 votes, 3 answers

OCSP libraries for python / java / c?

Going back to my previous question on OCSP, does anybody know of "reliable" OCSP libraries for Python, Java and C? I need "client" OCSP functionality, as I'll be checking the status of Certs against an OCSP responder, so responder functionality is…
JJarava
4 votes, 1 answer

What tools are available to generate key-pair, enroll with SCEP, use for TLS server on .Net?

The specification I am working with requires that a key-pair be generated and a certificate be automatically enrolled via SCEP to a specified server and used as both a TLS server and client certificate with OCSP validation of the counterparty. Are…
Jeffrey Hantin
4 votes, 1 answer

why does openssl send the CA certificate in OCSP protocol

openssl ocsp program documented at http://www.openssl.org/docs/apps/ocsp.html requires that the client send the certificate AND the CA certificate to the ocsp responder. RFC 2560 for OCSP however, does not require that. Shouldn't the OCSP responder…
doon
4 votes, 1 answer

How to create PADES using offline signature and OCSP response

I'm stumped trying to figure out Esig DSS java suite just from docs and source. (eu.europa.esig.dss.* tree) We connect to Swedish BankID to sign PDFs and simple plain texts. Response is a SOAP XML with fields for the signature and an OCSP…
4 votes, 0 answers

Win32 API Certificate CRL-ONLY revocation check

I need to perform certificate revocation checks. The user must be allowed to select either OCSP-only, CRL-only, or both. The project is using C#, but .NET does not offer independent OCSP/CRL checks out-of-the-box. By default, Windows first checks…
4 votes, 2 answers

Microsoft OCSP Check (OCSP vs Lightweight OCSP) & confusing Responses by "certutil -url"

Regular OCSP (RFC 6960): I have written an OCSP Responder where the Response based itself on the RFC 6960 which states that: If nextUpdate is not set, the responder is indicating that newer revocation information is available all the time. So I…
Exception_al
4 votes, 2 answers

Golang, sending OCSP request returns

I'm writing certificate revocation validation using OCSP request to get actual status. I send request, but getting error. ERROR: ocsp: error from server: malformed. I found error return in source: MalformedRequestErrorResponse = []byte{0x30, 0x03,…
4 votes, 2 answers

why big sites do not use ocsp stapling?

I learnt something about ocsp recently. I check ocsp stapling of site by command like: $ openssl s_client -connect www.stackoverflow.com:443 -status -servername www.stackoverflow.com I found my own site and stackoverflow and some other small…
zxdvd
4 votes, 1 answer

How to handle both traditional OCSP and OCSP stapling on client side

Currently, I have an implementation where I send an OCSP request in the verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) function for every intermediate and end-entity certificate. The verify_callback function is set using the…
shanzter
4 votes, 0 answers

Using ocsp stapling in Android to verify certificate

I would like to verify (on enabled servers) the server certificate on HTTPS connections. My problem is I understood how it works, but I cannot find a reference implementation for Android. I was already thinking about to add that TLS extension to the…
rekire
4 votes, 0 answers

Create OCSP Request manually in Node

I don't want to use this library (https://github.com/indutny/ocsp), because it makes some assumptions about my certificates that are non-standard. Assuming I have the hashes I need, I was wondering how I use the https.request function in order to…
Gakho
4 votes, 1 answer

Where are the Certificate Revocation List (CRL) stores?

As far as I know and as it is mentioned here there are two main technologies for browsers to check the revocation status of a particular certificate: using the Online Certificate Status Protocol (OCSP) or looking up the certificate in a Certificate…
Ebrahim Ghasemi
4 votes, 1 answer

OCSP validation without issuer certificate

I am currently developing an application that validates signature certificates (like in a pdf) with OCSP or CRL. These will most likely be leaf certificates, without the entire chain. Getting the url to either validation services proved simple…
user3472577