ejbca

How to check OCSP client certificate revocation using Python Requests library?

≯℡__Kan透↙ submitted on 2021-01-04 10:37:12
Question: How do I make a simple request for certificate revocation status to an EJBCA OCSP Responder using the Python requests library? Example:

    # Determine if certificate has been revoked
    ocsp_url = req_cert.extensions[2].value[0].access_location.value
    ocsp_headers = {"whatGoes: here?"}
    ocsp_body = {"What goes here?"}
    ocsp_response = requests.get(ocsp_url, ocsp_headers, ocsp_body)
    if (ocsp_response == 'revoked'):
        return func.HttpResponse(
            "Certificate is not valid (Revoked)."
        )

Answer 1: Basically it

Solution for the server reporting "null cert chain" when implementing SSLSocket mutual authentication with certificates issued by a CA (EJBCA)

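我的梦境 submitted on 2020-10-19 10:25:55
At the end of the article "An example of server and client mutual authentication with SSLSocket", I mentioned that mutual authentication works with self-signed certificates from keytool.exe, but that with certificates generated by EJBCA for SSL Socket mutual authentication the server kept failing with a "null cert chain" error. At the time I spent a whole day investigating without getting anywhere. Today it suddenly occurred to me: cert chain, certificate chain. Looking at the certificates in the client or server keystore, besides its own private key there is also a CA public key, as shown in the figure below: I finally understood. To implement mutual authentication, the -export command of keytool.exe has to export not only your own public-key certificate but also the certificate containing the CA public key. The whole procedure is therefore as follows:
1. Use the EJBCA system to create the client end entity, with the token in JKS keystore form (for the subject DN information see other articles), and enter the username and password in the "create key store" menu to export the client keystore ejbcaclient.jks;
2. Use the EJBCA system to create the server end entity, with the token in JKS keystore form, and enter the username and password in the "create key store" menu to export the server keystore ejbcaserver.jks;
3. Use the -export command of keytool.exe to export the certificate containing the client public key and the certificate containing the issuing CA's public key, sslclient.crt and sslclientca.crt;
4. Use the keytool.exe tool's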

How to delete an EJBCA end entity using the WSs

最后都变了- submitted on 2020-02-06 04:27:24
Question: I can see that I can revoke a certificate using WS (however, I'm not sure how I'm supposed to get its issuerDN), but is there a way to delete the end entity in its entirety? Basically, can I do the equivalent of doing "revoke and delete" with a web service? Edit: just noticed that "revoke and delete" doesn't truly delete the end entity, as if they are remade the old revoked certificates are still there. Guess the only way is to delete the data from the DB?

Answer 1: Correct. Delete an end entity

Fetch pre-generated p12 certificate from EJBCA

﹥>﹥吖頭↗ submitted on 2019-12-12 02:08:26
Question: I am using the following API to fetch a certificate previously generated in EJBCA: https://www.ejbca.org/older_releases/ejbca_4_0/htdocs/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html#getCertificate(java.lang.String, java.lang.String) The Private+public key was generated in the code, and hence I haven't persisted it anywhere. While setting the user status ( "editUser" ) I've used https://www.ejbca.org/older_releases/ejbca_4_0/htdocs/ws/org/ejbca/core/protocol/ws/client/gen/UserDataVOWS

Access browser certificate store using javascript

馋奶兔 submitted on 2019-12-11 13:43:23
Question: How can I access the browser certificate store using JavaScript, to know if a CA's root certificate exists or not?

Answer 1: I couldn't find any JavaScript library that does the above-mentioned task, so it's not possible using JavaScript, but you can do the same with an applet in Java.

Source: https://stackoverflow.com/questions/28067553/access-browser-certificate-store-using-javascript