[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] How to obtain a certificate chain

To: "Nauman Ahmad Khan" <lashary@hotmail.com>, iaik-jce@iaik.at, iaik-ssl@iaik.at
Subject: Re: [iaik-ssl] How to obtain a certificate chain
From: Lei Gu <lgu@lightbridge.com>
Date: Thu, 29 Nov 2001 06:44:11 -0500
In-Reply-To: <OF2AD7D47A.36985FF4-ON85256B14.00127105@lightbridge.com>
Sender: iaik-ssl-owner@iaik.tu-graz.ac.at

Hi Nauman,
Thanks for your help.
But my question is in the step one, // Assign the certificate part.
In order to use the ChainVerifier class, one MUST have a chain of
certificate first, right? My problem is that when I get an input
certificate, I need to get the chain for that certificate. And just
how exactly would I do that??
Thanks.
-- Lei

At 03:27 AM 11/30/2001 +0000, Nauman Ahmad Khan wrote:

Hello,
You have to do following steps for that.

1- First you must have the chain you want to verify, say
   X509Certificate [] certChain = new X509Certificate[SIZE];
   // Assign the certificate <----- ???????????? How
   If your certificates are not in arrangement, i mean from lowest end user
cert to the top CA certificate then you can do this like
   X509Certificate [] arrangedCertChain =
iaik.utils.Util.arrangeCertificateChain(certChain, false);

2- Then You can write the code like this to verify the chain
SimpleChainVerifier objChainVerifier=new SimpleChainVerifier();
objChainVerifier.setTrustedCertificates(trustedCerts);

where trustedCerts is set of certificate with which you want to check the
certificate chain should link to complete the certificate path. Then you
have to call a function
objChainVerifier.verifyChain(arrangedCertChain );

IF there is any kind of error, this function will throw an exception,
otherwise your chain is verified.

Hope it helps
Regards
Nauman

Cheers and Have a Good Time
Nauman Ahmad Khan
Senior Software Architect
Ascertia Group
lashary@hotmail.com

----Original Message Follows----
From: Lei Gu <lgu@lightbridge.com>
To: iaik-jce@iaik.at, iaik-ssl@iaik.at
Subject: [iaik-ssl] How to obtain a certificate chain
Date: Wed, 28 Nov 2001 08:34:11 -0500

>Hi,
>I need to verify a certificate chain using ChainVerifier class. But don't
>I need to get the chain of certificate for an input certificate? Then
>how could I get the chain of certificates for a particular certificate?
>Thanks in advance.
>-- Lei Gu

=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================

Prev by Date: [iaik-ssl] Is it possible to generate a symmetric key with IAIK Java 2 Micro Ed. API?
Next by Date: [iaik-ssl] How can I verify the disgital signature of an X509 certificate?
Prev by thread: Re: [iaik-ssl] How to obtain a certificate chain
Next by thread: Re: [iaik-ssl] How to obtain a certificate chain
Index(es):
- Date
- Thread