[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] TLS certificate validation
From: |
Ralph Corderoy |
Subject: |
Re: [Nmh-workers] TLS certificate validation |
Date: |
Sun, 25 Sep 2016 16:59:01 +0100 |
Hi Jeff,
> What would be good to find is a script that can do an audit of a
> system's ca-certificates and list any that have been revoked or have
> expired and run this on our build servers.
Go has a good set of crypto stuff in its standard library, done by
Google's Adam Langley who's one of their top TLS guys, so I thought I'd
find a command-line program that used that to do what you suggest, but
couldn't.
I did find
https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html
https://raymii.org/s/articles/OpenSSL_Manually_Verify_a_certificate_against_an_OCSP.html
that show how to use OpenSSL's command line. Many *.pem here don't have
OCSP, and many don't give a CRL URI, which is a bit rum.
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
- Re: [Nmh-workers] TLS certificate validation, (continued)
Re: [Nmh-workers] TLS certificate validation, David Levine, 2016/09/24
Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/24
Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/24
- Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/24
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Ralph Corderoy, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation,
Ralph Corderoy <=
- Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/25
- Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
Re: [Nmh-workers] TLS certificate validation, Ken Hornstein, 2016/09/25
Re: [Nmh-workers] TLS certificate validation, Jeffrey Honig, 2016/09/25
Re: [Nmh-workers] TLS certificate validation, Valdis . Kletnieks, 2016/09/24
Re: [Nmh-workers] TLS certificate validation, Lyndon Nerenberg, 2016/09/26