Java OCSP Client using openSSL

Question

my requirement is like that, I have a Client CA certificate in my machine, and I am getting a customer CA cert's encoded data from a request message's header. I have to validate the customar CA through Java-OCSP using openSSL.

Can anybody help me in terms of what the exactly Jars are required for it or is it possible at all?

Thanks, Suman

Answer 1

How to verify a certificate using OCSP is presented in this question: Verifying a certificate with Verisign OCSP Server As OpenSSL is a C/C++ program/library you have to call it via command line from within Java if you want to use it.

However if you are on Java - why not verify it using the OCSP capabilities of Java (or to be specific of Sun/Oracle Java).

It is simply deactivated but can be activated with a few lines of code:

PKIXParameters params = new PKIXParameters(anchors);
// Activate certificate revocation checking
params.setRevocationEnabled(true);
// Activate OCSP
Security.setProperty("ocsp.enable", "true");

This code was taken from Xuelei Fan's Blog. It also shows an example how to actually verify a certificate:

http://blogs.oracle.com/xuelei/entry/enable_ocsp_checking

Answer 2

Refer Book Beginning Cryptography with Java @spy [Wrox 2005] In chapter no 7 you will get more information about OCSPClient.

http://p2p.wrox.com/book-beginning-cryptography-java/42859-ocsp-request.html