从TLS获取证书链以使用OCSP [英] Getting certificate chain from TLS for using OCSP

查看：403 发布时间：2020/7/2 0:32:07 java ssl ssl-certificate x509certificate ocsp

本文介绍了从TLS获取证书链以使用OCSP的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

我想使用OCSP检查TLS握手期间来自服务器的证书.

I would like to use OCSP checking for the certificate which is coming from the server during TLS handshake.

我正在使用Bouncy Castle作为OCSP实现的提供者，并且BC验证方法通常希望X509Certificate作为参数.

I am using Bouncy Castle as provider for OCSP implementation and BC verification methods want X509Certificate as parameter generally.

所以；如何在Java端跟踪并获取传入证书链并进行获取?

So; how can I follow and get incoming certificate chain at Java side and fetch it?

感谢您的帮助.

您可以使用

You can use HttpsURLConnection.getServerCertificates and cast the result to X509Certificate

HttpsURLConnection connection = ...
Certificate chain[] = connection.getServerCertificates();
X509Certificate cert = (X509Certificate)chain[0];

这篇关于从TLS获取证书链以使用OCSP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！