Java SSL Certificate Revocation Checking

Question

I\'m currently writing a network TCP server using SSL. In production, we\'ll finally require clients to authenticate with a certificate.

In order to revoke certifica

Answer 1

First of all, the revocation checking that you can configure in jcontrol (from 1.8) applies only for applet and WebStart downloads and signer certificate checks ! For a programmed https client you can use the PKIXRevocationChecker mentioned above, but by my experience the Oracle implementation doesnt support LDAP CDP downloads at all. When I had this problem I needed to implement the full certificate chain check with CRL and immediate CA cert downloads from LDAP, behind my custom TrustManager's checkXXXX functions...