PDFSecureBlackbox : status of digital Signature : Unknown

#36155
Posted: 03/07/2016 14:35:04
by Yann Fontaine (SUPPORT DISABLED)
Joined: 02/01/2016
Posts: 39

Hi

I've found that the validator tells me that too on LOCALHOST when I removed the JNI.initialize (because of portability, we don't want to include external DLLs, which are platform dependent).

Is there a way to achieve my validation without JNI (I hope so)?
Does the JNI make validation run fine because of using my computer simultaneously as client (web browser) and server?

Waiting for your help

Thanks

Yann
#36156
Posted: 03/07/2016 14:58:23
by Eugene Mayevski (EldoS Corp.)

You need to carry the CA certificates with your application then, or you can load them from the system storage in some way.


On Linux those certificates are stored in OpenSSL files, but unfortunately in different locations in different distros. On Windows they are in Windows Certificate Storage. On MacOS they are in its own storage (not accessible from Java edition at the moment).

For example, you can export CA certificates from Windows and keep them in one file, and then export ROOT certificates and keep them in another file. When it comes to validation, you use AddKnownCertificates and AddTrustedCertificates respectively to add those certificates to the validator.


Sincerely yours
Eugene Mayevski
#36160
Posted: 03/08/2016 03:28:24
by Yann Fontaine (SUPPORT DISABLED)
Joined: 02/01/2016
Posts: 39

Hi Eugene,

and thanks for your support

I have a question: must the root certificates come with private keys?
Or are certificates with the public key enough?

When you say "you can export CA certificates from Windows and keep them in one file, and then export ROOT certificates and keep them in another file."
what is the format in which I have to put the certificates? PKCS7? With password protection?
So this is what I need to ask my customer:
- CA Certificates in a PKCS#7 file
- ROOT Certificates in another PKCS#7 file

Could he do that from his PKI?

Sorry, I have a lot of questions, but I thought that only one single certificate would be enough.

Thanks Eugene.
#36162
Posted: 03/08/2016 03:36:11
by Eugene Mayevski (EldoS Corp.)

Quote
Yann Fontaine wrote:
I have a question: must the root certificates come with private keys? Or are certificates with the public key enough?


Root and CA certificates never come with private keys.

Quote
Yann Fontaine wrote:
When you say "you can export CA certificates from Windows and keep them in one file, and then export ROOT certificates and keep them in another file." what is the format in which I have to put the certificates? PKCS7? With password protection?


Yes, PKCS#7 format is the most common.

Quote
Yann Fontaine wrote:
Could he do that from his PKI?


Depends on what you mean by "his PKI". In Windows one can export the set of certificates, but I am not sure about options to export all certificates in the store. By writing some code you can save all CA or all ROOT certificates to a PKCS7 file using a call to the TElWinCertStorage.SaveToStreamPKCS7() method.


Sincerely yours
Eugene Mayevski
#36175
Posted: 03/08/2016 09:50:32
by Yann Fontaine (SUPPORT DISABLED)
Joined: 02/01/2016
Posts: 39

Thanks for your help.

When searching about ROOT and Intermediate certificates, I checked all certificates given by the customer,
and found that one intermediate certificate was missing.
I asked the customer for this certificate, and after that, loaded all certificates in the validator.
And now it's running fine!

Thanks a lot for your help about this topic, and other ones (PDF signature, ...).

The last thing will be the CRL test in the customer infrastructure.

Thanks

Yann
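
The setup this thread arrives at (trusted roots in one PKCS#7 file, intermediate CAs in another, and a chain that fails while an intermediate is missing), reproduced with the OpenSSL command line as an added example that is not part of the original posts and does not use the SecureBlackbox API. The subject names, file names and the `issue` and `check_chain` helpers are constructed for illustration; the roots bundle plays the role of the certificates passed to AddTrustedCertificates and the CA bundle that of AddKnownCertificates.

```shell
#!/bin/sh
# Added example: throwaway PKI with constructed names, not a real customer PKI.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"

# issue NAME SUBJECT EXTFILE SIGNING-OPTIONS...  (writes NAME.key and NAME.pem)
issue() {
  name=$1 subj=$2 ext=$3
  shift 3
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$name.csr" -days 30 \
    -extfile "$WORK/$ext" -out "$WORK/$name.pem" "$@" 2>/dev/null
}
issue root "/CN=Example Root CA" ca.ext -signkey "$WORK/root.key"
issue inter "/CN=Example Issuing CA" ca.ext \
  -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -set_serial 2
issue signer "/CN=Example PDF Signer" leaf.ext \
  -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" -set_serial 3

# Certificate-only PKCS#7 bundles: they carry no private keys.
openssl crl2pkcs7 -nocrl -certfile "$WORK/root.pem" -out "$WORK/roots.p7b"
openssl crl2pkcs7 -nocrl -certfile "$WORK/inter.pem" -out "$WORK/cas.p7b"

# check_chain SIGNER ROOTS_P7B [CAS_P7B] -> prints "ok" or "incomplete".
# Roots are the only trust anchors; CA certificates are only made available
# for path building. -no-CApath skips the system's default certificate directory.
check_chain() {
  openssl pkcs7 -in "$2" -print_certs -out "$WORK/trusted.pem"
  if [ -n "${3:-}" ]; then
    openssl pkcs7 -in "$3" -print_certs -out "$WORK/known.pem"
    openssl verify -no-CApath -CAfile "$WORK/trusted.pem" \
      -untrusted "$WORK/known.pem" "$1"
  else
    openssl verify -no-CApath -CAfile "$WORK/trusted.pem" "$1"
  fi >/dev/null 2>&1 && echo ok || echo incomplete
}

echo "roots only:      $(check_chain "$WORK/signer.pem" "$WORK/roots.p7b")"
echo "roots + CA file: $(check_chain "$WORK/signer.pem" "$WORK/roots.p7b" "$WORK/cas.p7b")"
```

Running the same check against the files a customer actually delivers shows a missing intermediate before the bundles are loaded into the validator.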


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.