[twsocket] Check SSL certificate

2009-09-07 Thread Paul
I've always checked SSL certificates with a known CA in my applications. I want users to automatically check certificates within their own implementation. Some of them use different CAs for their servers and webservices. How can I check these different certificates without any notification

Re: [twsocket] Check SSL certificate

2009-09-07 Thread Arno Garrels
Paul wrote: I've always checked SSL certificates with a known CA in my applications. I want users to automatically check certificates within their own implementation. Some of them use different CAs for their servers and webservices. How can I check these different certificates without any

Re: [twsocket] Check SSL certificate

2009-09-07 Thread Arno Garrels
Paul wrote: You get a message to trust the certificate. Only if the certificate cannot be verified. That happens when the certificate's signing certificate isn't in the trusted store or otherwise the chain of trust cannot be built without gaps. IE doesn't show anything unless the cert is not valid

Re: [twsocket] Check SSL certificate

2009-09-07 Thread Paul
One not 100% reliable workaround would be to create a new bundle PEM certificate file from the Windows certificate stores when the app starts before the context is initialized (see PemTool demo). However if the CA certificate was not yet in the local Windows store this method won't work :(

Re: [twsocket] Check SSL certificate

2009-09-07 Thread Arno Garrels
Paul wrote: One not 100% reliable workaround would be to create a new bundle PEM certificate file from the Windows certificate stores when the app starts before the context is initialized (see PemTool demo). However if the CA certificate was not yet in the local Windows store this method

Re: [twsocket] Check SSL certificate

2009-09-07 Thread Paul
Another idea was to mimic the MS certificate server. The application could download a missing certificate from your website. It is not safe when you don't know where you are downloading it from (I have no control of what our clients are doing). I can imagine the trouble, however OpenSSL was chosen