guy mograbi

Reputation: 28608

Code to fetch intermediate certificate automatically

When you install an SSL certificate you should include the intermediate certificates as well.

I handle a lot of SSL certificates and I spend a lot of time tracking down intermediates along the chain.

I want to write code that will fetch intermediates automatically. I use Python and Java and I don't care much about the implementation (either running commands and parsing the output or using some native API).

It seems to me such a useful algorithm that I believe someone already wrote it.

  1. Is there an openssl command that can do this? I searched for it but couldn't find one.
  2. Is there a better way to go about it, using Python / Java?

Thanks.

Upvotes: 1

Views: 881

Answers (1)

Cratylus

Reputation: 54074

> I want to write code that will fetch intermediates automatically

It is possible to do that, provided that the end certificate, i.e. the one you are trying to validate, contains information on where to find the issuer CA certificate (via HTTP or LDAP, for example) in the AIA extension of the X.509v3 certificate.
Then you can download that certificate and continue the same process (i.e. look into the AIA to get the issuer's issuer certificate) until you build the whole chain for validation.

This of course implies that you already have a PKI in place (not just creating certificates yourself, e.g. via OpenSSL).

Upvotes: 3
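
The AIA walk described in the answer above, as an added example (not code from the original post). It assumes the third-party `cryptography` package and handles only http(s) `caIssuers` URLs; the function names and the injectable `fetch` parameter are illustrative choices.

```python
import urllib.request
from cryptography import x509
from cryptography.x509.oid import AuthorityInformationAccessOID, ExtensionOID

def load_cert(data):
    """AIA endpoints usually serve DER; accept PEM too."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return x509.load_pem_x509_certificate(data)
    return x509.load_der_x509_certificate(data)

def ca_issuer_urls(cert):
    """http(s) caIssuers URLs from the AIA extension (empty if absent)."""
    try:
        aia = cert.extensions.get_extension_for_oid(
            ExtensionOID.AUTHORITY_INFORMATION_ACCESS).value
    except x509.ExtensionNotFound:
        return []
    return [d.access_location.value for d in aia
            if d.access_method == AuthorityInformationAccessOID.CA_ISSUERS
            and isinstance(d.access_location, x509.UniformResourceIdentifier)
            and d.access_location.value.lower().startswith(("http://", "https://"))]

def http_fetch(url):
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read(1 << 20)  # AIA URLs are untrusted input: cap the size

def fetch_intermediates(leaf, fetch=http_fetch, max_depth=8):
    """Walk AIA caIssuers upward from leaf; return intermediates, leaf-side first.
    Name matching only orders the chain: validate it against a trust store."""
    chain, cert = [], leaf
    for _ in range(max_depth):               # bound the walk against AIA loops
        if cert.issuer == cert.subject:      # self-issued: reached a root
            break
        issuer = None
        for url in ca_issuer_urls(cert):
            try:
                candidate = load_cert(fetch(url))
            except Exception:                # unreachable URL, PKCS#7, junk
                continue
            if candidate.subject == cert.issuer:
                issuer = candidate
                break
        if issuer is None:                   # no usable AIA: chain ends here
            break
        if issuer.issuer != issuer.subject:  # roots belong in the trust store
            chain.append(issuer)
        cert = issuer
    return chain
```

The returned list can be appended to the server certificate to form the bundle; certificates whose AIA is missing or points at LDAP simply end the walk early.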
