Validate X509 certificates using Java APis

by

Normally, a certificate will be issued by an intermediate issuing authority, not a “root” authority (which is all that should be in your trust store). Most protocols encourage sending a “chain” of certificates, not just the entity’s certificate.

You should add all of the intermediate certs so that a complete chain can be formed.

In order to be certain that the certificate is still valid, you should not disable revocation checks. If you don’t want to retrieve a CRL (which can be large), the issuer may offer OCSP support. But, this has to be enabled in the Java runtime by setting certain system properties.

If the path validator returns successfully, you don’t need to check anything else. If the certificate is not valid, an exception will be raised.

Also, an explicit check on the validity date is unnecessary. This occurs during validation (using the current time, unless you specify a time via the PKIXParameters).

For a more extensive discussion of validation, including sample code, see a previous answer of mine.

More Related Contents:

  1. C++ code to Java, few questions [closed]
  2. Why cannot I return values from two functions in Java?
  3. Why do this() and super() have to be the first statement in a constructor?
  4. How to read and write XML files?
  5. Sparse matrices / arrays in Java
  6. How does paintComponent work?
  7. How do I create a parent-last / child-first ClassLoader in Java, or How to override an old Xerces version that was already loaded in the parent CL?
  8. Why can’t I declare static methods in an interface?
  9. JFreeChart line chart with text at each point
  10. Difference between getExternalFilesDir and getExternalStorageDirectory()
  11. Android Resource – Array of Arrays
  12. XPath with namespace in Java
  13. notifyDataSetChanged() makes the list refresh and scroll jumps back to the top
  14. How to retrieve a list of available/installed fonts in android?
  15. Auto resizing the JTable column widths
  16. Creating an animated 4×4 grid in Java
  17. Trim characters in Java
  18. How to copy HashMap (not shallow copy) in Java
  19. How to convert a normal java project in intellij into a JavaFx project
  20. Android: Cannot perform this operation because the connection pool has been closed
  21. Check if a value exists in ArrayList
  22. In Eclipse, what is the difference between modulepath and classpath?
  23. Is there a way to reference the Java class for a Kotlin top-level function?
  24. Why is String[] args required in Java?
  25. Custom List Field click event
  26. Android Studio layout editor cannot render custom views
  27. Accessing outer class members from within an inner class extending the outer class itself
  28. Failed to load ApplicationContext caused by ArrayIndexOutOfBoundsException in ClassReader
  29. Tess4J: Invalid memory access
  30. Java replace all square brackets in a string

Leave a Comment