You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Miroslav Nachev <mi...@space-comm.com> on 2007/02/14 11:10:18 UTC
How to get intermediate validation results during PKIX Certificate
Path Validation
Hi,
For XAdES I need of additional information during PKIX Certificate Path
Validation which exists when the debugging is enabled.
Is there any way to get these intermediate validation results?
1. Key Checker;
2. Constraints Checker
- basic constraints
- name constraints
3. Certificate Policy Checker
4. Basic Checker
- timestamp
- subject/issuer name chaining
- signature
- issuer
5. OCSP Checker
- Searching trust anchors for responder's certificate
- connecting to OCSP service at: http://ocsp.b-trust.org
- OCSP response: Successful
- OCSP response type: basic
- OCSP Responder name
- Verified signature of OCSP Responder
- Status of certificate (with serial number 22083) is: Good
6. CRL Revocation Checker
- checking revocation status;
- Choice between CRL Distribution Points (URL) or CRL File
- Trying to fetch CRL from DP
http://www.b-trust.org/repository/ca3/crl/b-trust_ca3_oper.crl
- Downloading new CRL...
- Returning 1 CRLs
- Verify Revocation Status: approved crls.size() = 1
- starting the final sweep...
- CrlRevocationChecker.verifyRevocationStatus cert SN: 22083
7. Checking for unresolved Critical Extensions
Best Regards,
Miroslav Nachev