[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] TrustManager cert chain validation


>just a quick question regarding the cert validation capabilities of the TrustManager:
>Assuming I have initialised the TM with a root CA, (explicitly trusted for digital signature), is it possible to 
>present an end-entity certificate (previously issued by the trusted CA) and have TM build the path from the end-
>entity cert up to the CA?

The TM will check if a cert chain is trusted; if you only provide the first certificate in a chain it won't try to fit it
with data it holds.

>I've been playing around with TM, and I'm having trouble trying to get this simple task to work. It seems like the 
>TM does not construct the cert path at all. When calling Trustmanager.getTrustedCertChain(), I only get the end-
>entity cert. 
>Am I missing something obvious, or does TM not currently construct cert paths?
>If it's a case of me missing something obvious, does anyone have some demo programs that might help me 
Just give the TM a cert chain with at least a certificate  signed by the CA you defined previously.



Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce