[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [iaik-jce] TrustManager cert chain validation
>just a quick question regarding the cert validation capabilities of the TrustManager:
>Assuming I have initialised the TM with a root CA, (explicitly trusted for digital signature), is it possible to
>present an end-entity certificate (previously issued by the trusted CA) and have TM build the path from the end-
>entity cert up to the CA?
The TM will check if a cert chain is trusted; if you only provide the first certificate in a chain it won't try to fit it
with data it holds.
>I've been playing around with TM, and I'm having trouble trying to get this simple task to work. It seems like the
>TM does not construct the cert path at all. When calling Trustmanager.getTrustedCertChain(), I only get the end-
>Am I missing something obvious, or does TM not currently construct cert paths?
>If it's a case of me missing something obvious, does anyone have some demo programs that might help me
Just give the TM a cert chain with at least a certificate signed by the CA you defined previously.
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-jce