2

my requirement is like that, I have a Client CA certificate in my machine, and I am getting a customer CA cert's encoded data from a request message's header. I have to validate the customar CA through Java-OCSP using openSSL.

Can anybody help me in terms of what the exactly Jars are required for it or is it possible at all?

Thanks, Suman

suman
  • 21
  • 1
  • 2

2 Answers2

1

Refer Book Beginning Cryptography with Java @spy [Wrox 2005] In chapter no 7 you will get more information about OCSPClient.

http://p2p.wrox.com/book-beginning-cryptography-java/42859-ocsp-request.html

MayurB
  • 3,609
  • 2
  • 21
  • 36
1

How to verify a certificate using OCSP is presented in this question: Verifying a certificate with Verisign OCSP Server As OpenSSL is a C/C++ program/library you have to call it via command line from within Java if you want to use it.

However if you are on Java - why not verify it using the OCSP capabilities of Java (or to be specific of Sun/Oracle Java).

It is simply deactivated but can be activated with a few lines of code:

PKIXParameters params = new PKIXParameters(anchors);
// Activate certificate revocation checking
params.setRevocationEnabled(true);
// Activate OCSP
Security.setProperty("ocsp.enable", "true");

This code was taken from Xuelei Fan's Blog. It also shows an example how to actually verify a certificate:

http://blogs.oracle.com/xuelei/entry/enable_ocsp_checking

Community
  • 1
  • 1
Robert
  • 39,162
  • 17
  • 99
  • 152
  • The link to the oracle blog of xuelei is not available anymore but it can be found here: https://web.archive.org/web/20131214194138/https://blogs.oracle.com/xuelei/entry/enable_ocsp_checking – Josef Reichardt Mar 19 '19 at 13:51