如何在 java 或 open ssl 中进行证书链验证? 我正在编写应用程序,用户放置错误的链顺序是非常常见的情况。证书以 *.pem 格式导入。
-----BEGIN CERTIFICATE-----
MIIEDDCCAvSgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCVVMx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIExDCCA6ygAwIBAgIJAJGR2RC4vX04MA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD
f3sCZkch3E3Cb9GTBCq/c39A5ay6xj4b
-----END CERTIFICATE-----
我不关心证书是否有效,只关心它们是按正确的顺序导入的!
提前致谢!
最佳答案
openssl verify -verbose -purpose sslserver -CAfile <file containing both root and intermediates> <file containing signed cert>
If successful, you’ll get back a response like : OK
If unsuccessful (or something is missing), you’ll get back a response like:
Error 20 at 0 depth lookup: unable to get local issuer certificate
关于java - 证书链验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25547976/