
Re: [iaik-jce] TrustManager cert chain validation



Hi,

>just a quick question regarding the cert validation capabilities of the TrustManager:
 
>Assuming I have initialised the TM with a root CA, (explicitly trusted for digital signature), is it possible to present an end-entity certificate (previously issued by the trusted CA) and have TM build the path from the end-entity cert up to the CA?

The TM will check if a cert chain is trusted; if you only provide the first certificate in a chain it won't try to fit it
with data it holds.

>I've been playing around with TM, and I'm having trouble trying to get this simple task to work. It seems like the TM does not construct the cert path at all. When calling Trustmanager.getTrustedCertChain(), I only get the end-entity cert.
 
>Am I missing something obvious, or does TM not currently construct cert paths?
 
>If it's a case of me missing something obvious, does anyone have some demo programs that might help me out?
 
Just give the TM a cert chain with at least a certificate signed by the CA you defined previously.

Regards,

André
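
The difference between checking a supplied chain and building a path from an end-entity certificate, shown as an added example that is not part of the original message and is not IAIK code: it uses the standard `java.security.cert` PKIX classes as a stand-in for the TrustManager. The class name `ChainDemo` and the certificate file names are assumptions, and revocation checking is switched off only because the demo has no CRL or OCSP source.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;
// Added example: standard java.security.cert PKIX API, not the IAIK TrustManager.
// Usage (placeholder file names): java ChainDemo root.pem ee.pem [intermediate.pem ...]
public class ChainDemo {
    static X509Certificate load(CertificateFactory cf, String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root = load(cf, args[0]);
        X509Certificate endEntity = load(cf, args[1]);
        List<X509Certificate> intermediates = new ArrayList<>();
        for (int i = 2; i < args.length; i++) intermediates.add(load(cf, args[i]));
        Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(root, null));

        // 1) Validation only: the caller supplies the ordered chain (end entity first,
        //    trust anchor left out). The validator looks nothing up on its own.
        List<X509Certificate> supplied = new ArrayList<>(intermediates); // assumed in issuing order
        supplied.add(0, endEntity);
        PKIXParameters vp = new PKIXParameters(anchors);
        vp.setRevocationEnabled(false); // demo only: no CRL/OCSP source configured
        try {
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(supplied), vp);
            System.out.println("supplied chain validates");
        } catch (CertPathValidatorException e) {
            System.out.println("supplied chain rejected: " + e.getMessage());
        }

        // 2) Path building: the end-entity cert is the target, candidates come from a store.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(endEntity);
        PKIXBuilderParameters bp = new PKIXBuilderParameters(anchors, target);
        bp.setRevocationEnabled(false); // demo only, as above
        List<X509Certificate> pool = new ArrayList<>(intermediates);
        pool.add(endEntity);
        bp.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(pool)));
        try {
            CertPath built = CertPathBuilder.getInstance("PKIX").build(bp).getCertPath();
            System.out.println("built path length: " + built.getCertificates().size());
        } catch (CertPathBuilderException e) {
            System.out.println("no path could be built: " + e.getMessage());
        }
    }
}
```

With an intermediate CA in play, leaving its file off the command line makes both steps fail, which matches the behaviour described in the reply: a component that only validates needs every certificate between the end entity and the trusted CA handed to it.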
 




--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
