Certification Revocation is a process through which we make sure that certificates that are no longer valid are not used by the relying clients
Questions tagged [certificate-revocation]
137 questions
66
votes
3 answers
How to revoke an openssl certificate when you don't have the certificate
I made an openssl certificate signed by the CA created on the local machine.
This certificate was deleted and I don't have it anymore.
It is impossible to create another certificate with the same commonName because openssl doesn't allow it and will…
leszek.hanusz
- 5,152
- 2
- 38
- 56
36
votes
1 answer
iPhone App Store 'Prepare for Upload' forever
I added two applications to my iTunes Connect account 10 days ago or so. One was a 'light' version, the other I'll charge for. The full version is already on the app store, but the status of the free version hasn't gotten any further than 'Prepare…
Jonas Byström
- 25,316
- 23
- 100
- 147
22
votes
3 answers
Disabling certificate revocation checking for an application on Windows
I have a .NET 3.5 desktop application that had been showing periodic slow downs in functionality whenever the test machine it was on was out of the office.
I managed to replicate the error on a machine in the office without an internet connection,…
Colm Clarke
- 480
- 1
- 7
- 23
16
votes
1 answer
How does certificate revocation work with intermediate CA's?
Suppose a PKI hierarchy like below.
root CA ==> inter-1 CA ==> user-1
\
\======> inter-2 CA ==> user-2
My question is: does root CA also need to periodically download CRL from its children: inter-1 and inter-2?
Since user-1 and user-2 can…
user180574
- 5,681
- 13
- 53
- 94
13
votes
3 answers
CRL and OCSP behavior of iOS / Security.Framework?
I'm trying to figure out what iOS' policy is when verifying certificates using Security.Framework regarding revocation of certificates.
I cannot find information about this in the docs for iOS.
In the context of an iPad project I'm working on at the…
Martijn Thé
- 4,674
- 3
- 29
- 42
11
votes
1 answer
How to get CRL and OSCP Checking to work on iOS?
I can't get CRLs working on iOS. I've created two test cases. I have a certificate that is valid, issued by a CA. I have another certificate that is valid, issued by a CA, but the CA has added that certificate to its CRL.
I then setup a revocation…
Unome
- 6,750
- 7
- 45
- 87
10
votes
4 answers
TCP Socket - Java SSL Certificate Revocation Checking
I'm currently writing a network TCP server using SSL. In production, we'll finally require clients to authenticate with a certificate.
In order to revoke certificates in case of a emergency, we would also like to establish a CRL.
My question is:…
DoNuT
- 463
- 1
- 7
- 23
10
votes
1 answer
Offline revocation mode
My question is similar to this question.
I am trying to check revocation list only using the local CRL.
I am using X509Chain.Build() with the following parameters:
var chainMachine = new X509Chain(true);
…
user844541
- 2,868
- 5
- 32
- 60
9
votes
0 answers
Java - Security - Retrieve CRL data from a Certificate
Goal: Retrieve the Certificate Revocation List information for a given Certificate.
Reason: When a java.security.cert.PKIXParameters object is set to enable checking of certificate revocation status via PKIXParameters#setRevocationEnabled(true); it…
Spartan9209
- 549
- 5
- 10
8
votes
1 answer
Android: where should I look for certificate revocation list?
I would like to get the list of all revoked certificates list downloaded on an Android device? I know that this class allows you to check if a certificate is revoked or not, but I want to get the whole list of revoked certificates. Is it possible?…
Alex
- 1,914
- 6
- 26
- 47
8
votes
1 answer
Incompatibility between javax.security.cert.X509Certificate and java.security.cert.X509Certificate
I want to verify the X509 certificate presented by a client against a CRL to see if it has been revoked.
I have successfully instanciated a java.security.cert.X509CRL, but I am having problems retrieving the certificate of the session:
try {
…
user2891462
- 3,033
- 2
- 32
- 60
8
votes
2 answers
How to turn off certificate revocation for a WCF service's client?
How can I turn off certificate revocation for a WCF service's client?
The client proxy was generated by wsdl.exe and inherits SoapHttpClientProtocol.
Meidan Alon
- 3,074
- 7
- 45
- 63
8
votes
1 answer
OCSP Revocation Check On Entire Certificate Chain
When you request for an OCSP server to check the revocation status of a cert, does it automatically check the revocation status of the entire chain?
i.e: if it says the cert is "good", then does that imply the entire chain is good?
I read the spec:…
Anthony
- 399
- 1
- 6
- 13
7
votes
2 answers
Accepting expired CRL with BouncyCastle
I'm validating X509 certificates offline with bouncy castle and have run into a problem with older CRLs. I haven't found a possibility yet to accept CRLs which are expired, in my opinion if a certificate was revoked, it should stay revoked after the…
Markus
- 295
- 4
- 12
6
votes
1 answer
Howto create a certificate using openssl including a CRL distribution point?
I'm having problems using openssl to create a x509 certificate containing a crl distribution point for testing.
I've checked the documentation and found the configuration setting crlDistributionPoints for this purpose. Unfortunately openssl always…
Markus Kreusch
- 2,071
- 3
- 19
- 33