[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] How to obtain a certificate chain



Hi Nauman,
Thanks for your help.
But my question is in the step one, // Assign the certificate part.
In order to use the ChainVerifier class, one MUST have a chain of
certificate first, right? My problem is that when I get an input
certificate, I need to get the chain for that certificate.  And just
how exactly would I do that??
Thanks.
-- Lei

At 03:27 AM 11/30/2001 +0000, Nauman Ahmad Khan wrote:

Hello,
You have to do following steps for that.

1- First you must have the chain you want to verify, say
   X509Certificate [] certChain = new X509Certificate[SIZE];
   // Assign the certificate  <----- ???????????? How
   If your certificates are not in arrangement, i mean from lowest end user
cert to the top CA certificate then you can do this like
   X509Certificate [] arrangedCertChain =
iaik.utils.Util.arrangeCertificateChain(certChain, false);

2- Then You can write the code like this to verify the chain
SimpleChainVerifier objChainVerifier=new SimpleChainVerifier();
objChainVerifier.setTrustedCertificates(trustedCerts);

where trustedCerts is set of certificate with which you want to check the
certificate chain should link to complete the certificate path. Then you
have to call a function
objChainVerifier.verifyChain(arrangedCertChain );

IF there is any kind of error, this function will throw an exception,
otherwise your chain is verified.

Hope it helps
Regards
Nauman


Cheers and Have a Good Time
Nauman Ahmad Khan
Senior Software Architect
Ascertia Group
lashary@hotmail.com



----Original Message Follows----
From: Lei Gu <lgu@lightbridge.com>
To: iaik-jce@iaik.at, iaik-ssl@iaik.at
Subject: [iaik-ssl] How to obtain a certificate chain
Date: Wed, 28 Nov 2001 08:34:11 -0500


>Hi,
>I need to verify a certificate chain using ChainVerifier class. But don't
>I need to get the chain of certificate for an input certificate? Then
>how could I get the chain of certificates for a particular certificate?
>Thanks in advance.
>-- Lei Gu

=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================