ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claude Libois <>
Subject How to use multiple CRL with WSS4J ?
Date Fri, 30 Sep 2016 13:14:20 GMT
I got the following pki chain Root CA>Intermediate CA>Client signing
A suggested by Colm, I have set in my truststore my Intermediate CA and my
Root CA.
However, by doing this, CRL verification doesn't work. In fact, it seems to
validate my Intermediate CA against the Root CA crl while I'm only
interested to verify the client certificate.
I'm not sure how revocation validation works but it seems to validate CRL
for every certificate(except the Root).
However, I don't know how to specify multiple CRL in WSS4J or if it
possible to merge 2 crl files into a common one ?
I have provided 2 logs. The first one with the Intermediate CA CRL. We can
see that validation of the Intermediate CA against Root CRL failed since
it's not provided.
The second one is with the Root CA CRL. Intermediate CA validation succeed
but the signing certificate then failed...

Best Regards,

View raw message