I had to do the same thing and ultimately ended up using a package called commons-ssl to do the hostname verification. I'm pretty sure it also contains CRL checking as well.
The JRE has all of these implementations already to handle HTTPS connections, but for some reason Sun decided not to expose them. I asked around and never got a good answer from anyone. http://juliusdavies.ca/commons-ssl/ Shaun On Fri, Oct 9, 2009 at 5:48 PM, <[email protected]> wrote: > Hi, > > I'm writing a TCP server communicating with device via MINA. > MINA helped me writing server easily. I really appreciate it. > > I have a question for certificate in SSL communication. > In my application, the secure communication is done using SslFilter. > And the server and device need to authenticate each other. > I think that some basic validations such as validity period check are > being done by SslFilter automatically. > But how about the certificate revocation using CRL? > I couldn't find its internal process via log or any notes about that. > > I need to make sure which validations are checked internally and which > validations I need to implement. > Can anyone let me know whether I need to check certificate revocation > manually? > > Thanks in advance! > Neo Kim > >
