Thursday, March 27, 2014

Create self-signed SSL certificates with CRL/OCSP X509 extensions using openssl

Posted by sudheera On 12:57 AM

(image source: https://ssl.trustwave.com/support/support-how-ssl-works.php)

To test OCSP/CRL validation, we need to send the client request with SSL certificates that carry information about CRL and OCSP. For that, we can add the authorityInfoAccess and crlDistributionPoints extensions to the certificates. Here I'm using the openssl tool in a Linux terminal to create the required certificates. What we need to create: step 1. RSA key to root CA step...

Wednesday, March 26, 2014

WSO2 ESB OCSP/CRL Verification implementation in transport Listener

Posted by sudheera On 11:25 PM

(image source: http://support.f5.com/techdocs/home/bigip/manuals/bigip4_5/bigip4_5features/images/BIGip_OCSPa.gif)

During the SSL handshake, a server invokes the OCSP/CRL protocols to verify that the client's X509 certificate has not been revoked by its issuer. These protocols need to make an HTTP call to servers at the CA in order to do the verification. The responses include information about the revocation of the certificates. The SSL connection...