Questions tagged [ocsp]

Online Certificate Status Protocol

Standardized by the IETF in RFC 2560 (since obsoleted by RFC 6960), the PKIX Online Certificate Status Protocol defines a request/response protocol, normally carried over HTTP, for asking a CA-designated responder about the revocation status of an individual X.509 certificate. The certificate is identified by hashes of its issuer's name and key plus its serial number, and the signed response reports it as good, revoked or unknown. OCSP stapling (the TLS status_request extension of RFC 6066) lets a server deliver a recent response in the handshake so the client does not have to contact the responder itself.

210 questions
19
votes
2 answers

OCSP certificate stapling in Android

I've been banging my head on the wall for the past few days trying to implement OCSP validation in Android. So far in iOS it has been easy to implement, but for Android every single piece of information I've come across just doesn't work. I've been…
Rodrigo
18
votes
4 answers

OCSP Revocation on client certificate

How do I manually check for certificate revocation status in java using OCSP, given just a client's java.security.cert.X509Certificate? I can't see a clear way to do it. Alternatively, can I make tomcat do it for me automatically, and how do you…
gtrak
13
votes
3 answers

CRL and OCSP behavior of iOS / Security.Framework?

I'm trying to figure out what iOS' policy is when verifying certificates using Security.Framework regarding revocation of certificates. I cannot find information about this in the docs for iOS. In the context of an iPad project I'm working on at the…
Martijn Thé
12
votes
1 answer

OCSP response does not give Certificate Status

I created an OCSP client using the Bouncy Castle API. I am having trouble finding the Certificate Status (saying whether it's revoked or not) from the OCSP response I get. The value returned from resp.getCertStatus() is always null. This is how I…
Jeewantha
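As an added example, not code from the question above or from Bouncy Castle: the CertStatus CHOICE of an OCSP SingleResponse (RFC 6960 section 4.2.1) encoded and decoded with only the Python standard library. The thing worth seeing is that the "good" status is `[0] IMPLICIT NULL`, a context tag with an empty value; after decoding there is nothing left to carry except the tag, which is why a library can represent a good certificate by a null/None status object. The issuer name, issuer key bytes and the timestamps are constructed stand-ins, and the encoder exists only to build test responses for the parser.

```python
# Added example (not from the question or Bouncy Castle): CertStatus encoding.
import hashlib
from datetime import datetime, timezone

def der_len(n: int) -> bytes:
    """DER length: short form below 0x80, otherwise 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def gen_time(dt: datetime) -> bytes:
    return tlv(0x18, dt.strftime("%Y%m%d%H%M%SZ").encode())

def parse_gen_time(raw: bytes) -> datetime:
    return datetime.strptime(raw.decode(), "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

SHA1_OID = bytes.fromhex("06052b0e03021a")  # id-sha1, the usual CertID hash algorithm

def cert_id(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }"""
    serial_der = serial.to_bytes((serial.bit_length() + 8) // 8, "big")  # keeps the INTEGER positive
    return tlv(0x30, tlv(0x30, SHA1_OID + b"\x05\x00")
               + tlv(0x04, hashlib.sha1(issuer_name_der).digest())
               + tlv(0x04, hashlib.sha1(issuer_key_bits).digest())
               + tlv(0x02, serial_der))

# Encoder, used here only to build constructed responses for the decoder below.
def encode_cert_status(status: str, revoked_at: datetime = None, reason: int = None) -> bytes:
    if status == "good":
        return b"\x80\x00"                  # [0] IMPLICIT NULL: tag, zero length, no content
    if status == "unknown":
        return b"\x82\x00"                  # [2] IMPLICIT UnknownInfo (also NULL)
    if status == "revoked":                 # [1] IMPLICIT RevokedInfo (a constructed SEQUENCE)
        body = gen_time(revoked_at)
        if reason is not None:              # revocationReason [0] EXPLICIT CRLReason OPTIONAL
            body += tlv(0xA0, tlv(0x0A, bytes([reason])))
        return tlv(0xA1, body)
    raise ValueError(status)

def encode_single_response(cid: bytes, status: str, this_update: datetime, **kw) -> bytes:
    """SingleResponse ::= SEQUENCE { certID, certStatus, thisUpdate, nextUpdate OPTIONAL, ... }"""
    return tlv(0x30, cid + encode_cert_status(status, **kw) + gen_time(this_update))

CRL_REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise", 3: "affiliationChanged",
               4: "superseded", 5: "cessationOfOperation", 6: "certificateHold",
               8: "removeFromCRL", 9: "privilegeWithdrawn", 10: "aACompromise"}

def parse_cert_status(buf: bytes, pos: int):
    """Decode the CertStatus CHOICE at buf[pos]; the context tag alone decides the status."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag == 0x80:
        return {"status": "good"}, nxt      # empty value: the tag is the whole answer
    if tag == 0x82:
        return {"status": "unknown"}, nxt   # responder does not know this issuer/serial
    if tag == 0xA1:
        _, when, p = read_tlv(value, 0)
        info = {"status": "revoked", "revocation_time": parse_gen_time(when)}
        if p < len(value):                  # optional reason is present
            _, explicit, _ = read_tlv(value, p)
            _, reason, _ = read_tlv(explicit, 0)
            info["reason"] = CRL_REASONS.get(reason[0], reason[0])
        return info, nxt
    raise ValueError(f"unexpected CertStatus tag 0x{tag:02x}")

def parse_single_response(der: bytes) -> dict:
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SingleResponse must be a SEQUENCE")
    _, cid, pos = read_tlv(body, 0)         # certID, left opaque here
    result, pos = parse_cert_status(body, pos)
    _, this_update, pos = read_tlv(body, pos)
    result.update(cert_id=cid, this_update=parse_gen_time(this_update))
    return result

# Constructed sample inputs (not a real CA): stand-ins for the issuer's DN DER and
# subjectPublicKey bits; only their SHA-1 digests end up in the CertID.
ISSUER_NAME = b"constructed issuer Name DER"
ISSUER_KEY = bytes(range(64))
NOW = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)

def demo() -> dict:
    cid = cert_id(ISSUER_NAME, ISSUER_KEY, 0x1234)
    return {name: parse_single_response(encode_single_response(cid, name, NOW, **kw))
            for name, kw in (("good", {}), ("unknown", {}),
                             ("revoked", {"revoked_at": NOW, "reason": 1}))}

if __name__ == "__main__":
    for name, r in demo().items():
        print(name, r["status"], r.get("reason", "-"), r["this_update"].isoformat())
```

A client must not treat "unknown" like "good": it means the responder has no record of that issuer/serial pair, which is also what you get when the CertID was built from the wrong issuer certificate. Whether to fail closed on it is a policy decision, but it should be a deliberate one.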
10
votes
0 answers

How to check x.509 revocation using SecPolicyCreateRevocation in iOS 7

I've been trying to check X.509 certificates revocation status in iOS 7.0 using both OCSP and CRL in different moments and the evaluation returns kSecTrustResultUnspecified (that means the certificate is to be trusted) without actually checking with…
Sandoval
9
votes
1 answer

Should I accept an OCSP responder certificate signed by the trust anchor?

Could someone please help me on the following? RFC2560 defines when an OCSP responder certificate (signing the response) could be accepted: 1. Matches a local configuration of OCSP signing authority for the certificate in question; or …
Cratylus
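As an added example, not code from the question above or from any library: the three acceptance rules for an OCSP response signer from RFC 6960 section 4.2.2.2 (the successor of RFC 2560) written as a decision function, run against the scenario in the title, a responder certificate issued by the trust anchor while the certificate being checked was issued by an intermediate. Certificates are modelled as plain dicts holding a subject key identifier, an issuer key identifier and a set of EKU OIDs; the hierarchy and the identifiers are constructed, and a real client would take these values from parsed X.509 extensions.

```python
# Added example (not from the question or any library): RFC 6960 4.2.2.2 signer rules.
OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"   # id-kp-OCSPSigning

def responder_acceptable(responder: dict, issuer: dict, local_trust: set) -> tuple:
    """Return (accepted, rule) for a response signed with `responder`'s key that
    covers a certificate issued by `issuer`.  local_trust holds (issuer key id,
    responder key id) pairs configured by the relying party."""
    # Rule 1: the response is signed directly with the key of the issuing CA.
    if responder["key_id"] == issuer["key_id"]:
        return True, "signed by the issuing CA itself"
    # Rule 2: a locally configured trusted responder for this particular issuer.
    if (issuer["key_id"], responder["key_id"]) in local_trust:
        return True, "locally configured trusted responder"
    # Rule 3: a delegated responder certificate, issued by the SAME CA that issued
    # the certificate in question and carrying id-kp-OCSPSigning.  Any other CA,
    # the trust anchor included, is not authorized to delegate for this issuer.
    if responder["issuer_key_id"] == issuer["key_id"] and OCSP_SIGNING_EKU in responder["eku"]:
        return True, "delegated responder certificate from the issuing CA"
    return False, "not authorized to speak for this issuer"

# Constructed hierarchy (no real keys): ROOT -> INTERMEDIATE -> leaf being checked.
ROOT = {"key_id": "root-key", "issuer_key_id": "root-key", "eku": set()}
INTERMEDIATE = {"key_id": "int-key", "issuer_key_id": "root-key", "eku": set()}

# Three delegated responder certificates: issued by the trust anchor, issued by
# the intermediate, and issued by the intermediate but without the OCSP EKU.
RESPONDER_FROM_ROOT = {"key_id": "resp-a", "issuer_key_id": "root-key", "eku": {OCSP_SIGNING_EKU}}
RESPONDER_FROM_INT = {"key_id": "resp-b", "issuer_key_id": "int-key", "eku": {OCSP_SIGNING_EKU}}
RESPONDER_NO_EKU = {"key_id": "resp-c", "issuer_key_id": "int-key", "eku": set()}

def scenario() -> dict:
    """The leaf was issued by INTERMEDIATE: which signers may vouch for its status?"""
    return {
        "trust anchor signed responder": responder_acceptable(RESPONDER_FROM_ROOT, INTERMEDIATE, set()),
        "issuing CA signed responder": responder_acceptable(RESPONDER_FROM_INT, INTERMEDIATE, set()),
        "issuing CA key directly": responder_acceptable(INTERMEDIATE, INTERMEDIATE, set()),
        "responder without OCSPSigning EKU": responder_acceptable(RESPONDER_NO_EKU, INTERMEDIATE, set()),
        "root responder, locally configured": responder_acceptable(
            RESPONDER_FROM_ROOT, INTERMEDIATE, {("int-key", "resp-a")}),
        # The same root-issued responder is fine for the INTERMEDIATE's own status,
        # because the root is the CA that issued the intermediate.
        "root responder for the intermediate": responder_acceptable(RESPONDER_FROM_ROOT, ROOT, set()),
    }

if __name__ == "__main__":
    for case, (ok, rule) in scenario().items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {case}: {rule}")
```

So a responder certificate signed by the trust anchor is acceptable, under the delegation rule, only for certificates the trust anchor issued directly; for a leaf issued by an intermediate it must have been issued by that intermediate, or be listed in local configuration. A delegated responder certificate should also itself be checked for revocation (typically via CRL, since asking the same responder is circular) unless it carries the id-pkix-ocsp-nocheck extension.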
8
votes
4 answers

Nginx; how to use OCSP to verify the SSL client certificate

I am using Nginx to create a secure connection; when I revoked the client certificate, I could still connect to Nginx over https. I know I should configure the ssl_crl directive, but I want to use OCSP to verify the client certificate. How should I do this? I…
Van_ZERO
8
votes
1 answer

OCSP Revocation Check On Entire Certificate Chain

When you request an OCSP server to check the revocation status of a cert, does it automatically check the revocation status of the entire chain? i.e.: if it says the cert is "good", then does that imply the entire chain is good? I read the spec:…
Anthony
7
votes
3 answers

OCSP over SSL/TLS

As far as I know, OCSP only provides explicit means for requests and responses to be signed ([RFC2560, page 7] for requests, and [RFC2560, page 8] for responses), but it does not make any mention about encryption. Is it typical (or even possible,…
Ginswich
6
votes
1 answer

How to check OCSP client certificate revocation using Python Requests library?

How do I make a simple request for certificate revocation status to an EJBCA OCSP Responder using the Python requests library? Example: # Determine if certificate has been revoked ocsp_url =…
ericOnline
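As an added example serving the tag description's request/response exchange, the question above about whole-chain status and this question about sending a request from Python: an unsigned OCSP request (RFC 6960 section 4.1) built with only the standard library, plus the two HTTP forms of RFC 6960 Appendix A. This is not code from the question, from EJBCA or from the requests documentation. A CertID names exactly one certificate, so checking a chain means one request per (certificate, issuer) link, and a "good" for the leaf says nothing about the intermediate above it. The responder URL and the three-certificate chain are constructed stand-ins; a real client reads the URL from the certificate's Authority Information Access extension and hashes the issuer's actual DN DER and subjectPublicKey bits.

```python
# Added example (not from the question, EJBCA or requests): building OCSP requests.
import base64
import hashlib
import urllib.parse
import urllib.request

def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value

SHA1_OID = bytes.fromhex("06052b0e03021a")             # id-sha1
NONCE_OID = bytes.fromhex("06092b0601050507300102")    # id-pkix-ocsp-nonce

def cert_id(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """CertID: SHA-1 of the issuer's DN DER, SHA-1 of the issuer's subjectPublicKey
    bit string contents (tag, length and unused-bits octet excluded), and the serial
    of the certificate being checked.  Nothing of the checked cert itself is hashed."""
    serial_der = serial.to_bytes((serial.bit_length() + 8) // 8, "big")
    return tlv(0x30, tlv(0x30, SHA1_OID + b"\x05\x00")
               + tlv(0x04, hashlib.sha1(issuer_name_der).digest())
               + tlv(0x04, hashlib.sha1(issuer_key_bits).digest())
               + tlv(0x02, serial_der))

def ocsp_request(cert_ids: list, nonce: bytes = None) -> bytes:
    """OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest }   (optionalSignature omitted)
    TBSRequest  ::= SEQUENCE { requestList SEQUENCE OF Request, requestExtensions [2] EXPLICIT OPTIONAL }
    Request     ::= SEQUENCE { reqCert CertID }"""
    tbs = tlv(0x30, b"".join(tlv(0x30, cid) for cid in cert_ids))
    if nonce is not None:
        # Extension { extnID, extnValue OCTET STRING }; the nonce is DER-encoded as an
        # OCTET STRING inside extnValue, so the bytes are wrapped twice.
        nonce_ext = tlv(0x30, NONCE_OID + tlv(0x04, tlv(0x04, nonce)))
        tbs += tlv(0xA2, tlv(0x30, nonce_ext))
    return tlv(0x30, tlv(0x30, tbs))

def ocsp_get_url(responder_url: str, request_der: bytes) -> str:
    """GET form: base64 of the DER, URL-escaped ('/', '+' and '=' included), as one path segment."""
    encoded = urllib.parse.quote(base64.b64encode(request_der).decode(), safe="")
    return responder_url.rstrip("/") + "/" + encoded

def ocsp_post(responder_url: str, request_der: bytes, timeout: float = 10) -> bytes:
    """POST form.  Network call, not exercised offline.  With requests this is
    requests.post(url, data=request_der, headers={...}).content with the same headers."""
    req = urllib.request.Request(responder_url, data=request_der, headers={
        "Content-Type": "application/ocsp-request", "Accept": "application/ocsp-response"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

def chain_requests(chain: list, nonce: bytes = None) -> list:
    """chain: (subject_name_der, subject_key_bits, serial) tuples, leaf first, trust anchor
    last.  Returns one request per link; the trust anchor has no issuer to ask about."""
    return [ocsp_request([cert_id(issuer[0], issuer[1], cert[2])], nonce)
            for cert, issuer in zip(chain, chain[1:])]

# Constructed three-certificate chain (stand-in byte strings, not real DER).
LEAF = (b"CN=leaf name DER", b"leaf key bits", 0x1234)
INTERMEDIATE = (b"CN=intermediate name DER", b"intermediate key bits", 0x77)
ROOT = (b"CN=root name DER", b"root key bits", 0x01)
CHAIN = [LEAF, INTERMEDIATE, ROOT]
RESPONDER_URL = "http://ocsp.example/"   # hypothetical; normally taken from the cert's AIA extension

if __name__ == "__main__":
    for link, req in enumerate(chain_requests(CHAIN)):
        print(link, len(req), "bytes ->", ocsp_get_url(RESPONDER_URL, req))
```

Each link's request usually goes to a different responder URL, since the AIA extension of the leaf points at the intermediate's responder and the AIA of the intermediate points at the root's. The GET form is what makes responses cacheable by HTTP intermediaries; adding a nonce defeats that cache, so use a nonce only when you actually intend to verify it in the response.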
6
votes
0 answers

Clarification in configuring OCSP in tomcat

We can configure OCSP in tomcat using,
harish chava
6
votes
1 answer

Why do I get Verify error:unable to get local issuer certificate when I run openssl ocsp?

I'm trying to validate a client certificate on an OCSP server but it fails. This is the command that I'm trying to run: openssl ocsp -issuer test_ca_cert.pem -cert my_test_client_cert.pem -text -url http://demo.server.com/ocsp This is the…
ddreian
6
votes
1 answer

Why is the OCSP stapling callback called AFTER the verification callback?

I'm not an OpenSSL expert, but I've been trying to write some code to handle OCSP stapling for a client connecting to an SSL-secured server. My understanding of OCSP is that it is used to prove that the certificate being presented has not been…
trime
5
votes
1 answer

OpenSSL certificate revocation check in client program using OCSP stapling

I have an embedded C client program that securely connects to a server using OpenSSL. The server provides its certificate during the handshake and the client has to check the revocation status of this certificate. Currently I do this by using…
mikhail
5
votes
1 answer

What is the use of the responderID in the OCSP response?

I am not clear on the use of the responder ID in the definition of the OCSP response. I am doing OCSP checks via Java's PKIX APIs. Using a third party library I get (during the OCSP response…
Cratylus