my requirement is like that, I have a Client CA certificate in my machine, and I am getting a customer CA cert's encoded data from a request message's header. I have to validate the开发者_如何学C customar CA through Java-OCSP using openSSL.
Can anybody help me in terms of what the exactly Jars are required for it or is it possible at all?
Thanks, Suman
How to verify a certificate using OCSP is presented in this question: Verifying a certificate with Verisign OCSP Server As OpenSSL is a C/C++ program/library you have to call it via command line from within Java if you want to use it.
However if you are on Java - why not verify it using the OCSP capabilities of Java (or to be specific of Sun/Oracle Java).
It is simply deactivated but can be activated with a few lines of code:
PKIXParameters params = new PKIXParameters(anchors);
// Activate certificate revocation checking
params.setRevocationEnabled(true);
// Activate OCSP
Security.setProperty("ocsp.enable", "true");
This code was taken from Xuelei Fan's Blog. It also shows an example how to actually verify a certificate:
http://blogs.oracle.com/xuelei/entry/enable_ocsp_checking
Refer Book Beginning Cryptography with Java @spy [Wrox 2005] In chapter no 7 you will get more information about OCSPClient.
http://p2p.wrox.com/book-beginning-cryptography-java/42859-ocsp-request.html
精彩评论