@herpiko
Last active April 28, 2018 03:07
PKI Trust relations

Trust

| Derived | Still valid | Result: is verified? |
|---------|-------------|----------------------|
| Yes     | Yes         | Verified             |
| Yes     | No          | Not verified         |
| No      | Yes         | Not verified         |
| No      | No          | Not verified         |

Revocation

| Is in revocation list | Result: is revoked? |
|-----------------------|---------------------|
| No                    | No                  |
| Yes                   | Yes                 |

Possible combinations

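| No. | Derived | Still valid | Is revoked? | Result: is verified? | Result: is revoked? | Status for UI |
|-----|---------|-------------|-------------|----------------------|---------------------|---------------|
| 1   | Yes     | Yes         | No          | Verified             | No                  | Trusted       |
| 2   | Yes     | No          | No          | Not verified         | No                  | Expired       |
| 3   | No      | Yes         | No          | Not verified         | No                  | Not Trusted   |
| 4   | No      | No          | No          | Not verified         | No                  | Not Trusted   |
| 5   | Yes     | Yes         | Yes         | Verified             | Yes                 | Revoked       |
| 6   | Yes     | No          | Yes         | Not verified         | Yes                 | Revoked       |
| 7   | No      | Yes         | Yes         | Not verified         | Yes                 | Not Trusted   |
| 8   | No      | No          | Yes         | Not verified         | Yes                 | Not Trusted   |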

After the CA chain of the non-derived certs has been imported into the keystore:

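| No. | Derived | Still valid | Is revoked? | Result: is verified? | Result: is revoked? | Status for UI |
|-----|---------|-------------|-------------|----------------------|---------------------|---------------|
| 1   | Yes     | Yes         | No          | Verified             | No                  | Trusted       |
| 2   | Yes     | No          | No          | Not verified         | No                  | Expired       |
| 3   | Yes     | Yes         | No          | Not verified         | No                  | Trusted       |
| 4   | Yes     | No          | No          | Not verified         | No                  | Expired       |
| 5   | Yes     | Yes         | Yes         | Verified             | Yes                 | Revoked       |
| 6   | Yes     | No          | Yes         | Not verified         | Yes                 | Revoked       |
| 7   | Yes     | Yes         | Yes         | Not verified         | Yes                 | Revoked       |
| 8   | Yes     | No          | Yes         | Not verified         | Yes                 | Revoked       |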

Check sequences

  1. Is derived? If no, it's simply Not Trusted
  2. Is expired?
  3. Is revoked?
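
The check sequence and the first "Possible combinations" table, worked through as an added example (not code from this gist). The names `evaluate`, `PAGE_TABLE` and `mismatches` are assumptions made for illustration. It shows that a derived certificate that is both expired and revoked is reported as Revoked, so the status is chosen with revocation tested before expiry.

```python
from itertools import product

# First "Possible combinations" table, transcribed from the page:
# (derived, still_valid, in_revocation_list) -> (is_verified, is_revoked, ui_status)
PAGE_TABLE = {
    (True,  True,  False): (True,  False, "Trusted"),
    (True,  False, False): (False, False, "Expired"),
    (False, True,  False): (False, False, "Not Trusted"),
    (False, False, False): (False, False, "Not Trusted"),
    (True,  True,  True):  (True,  True,  "Revoked"),
    (True,  False, True):  (False, True,  "Revoked"),
    (False, True,  True):  (False, True,  "Not Trusted"),
    (False, False, True):  (False, True,  "Not Trusted"),
}


def evaluate(derived, still_valid, in_revocation_list):
    """Return (is_verified, is_revoked, ui_status) for one certificate."""
    # Trust table: verified only when derived AND still valid.
    is_verified = derived and still_valid
    # Revocation table: depends only on revocation-list membership.
    is_revoked = in_revocation_list

    if not derived:
        # Step 1: a non-derived certificate is Not Trusted, whatever else holds.
        status = "Not Trusted"
    elif is_revoked:
        # Row 6 (derived, expired, revoked) is shown as Revoked, so
        # revocation is tested before expiry when picking the UI status.
        status = "Revoked"
    elif not still_valid:
        status = "Expired"
    else:
        status = "Trusted"
    return is_verified, is_revoked, status


def mismatches():
    """Inputs for which evaluate() disagrees with the page's table."""
    return [inputs for inputs in product([True, False], repeat=3)
            if evaluate(*inputs) != PAGE_TABLE[inputs]]


if __name__ == "__main__":
    for inputs in PAGE_TABLE:
        print(inputs, "->", evaluate(*inputs))
    print("mismatches:", mismatches())
```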
herpiko commented Feb 3, 2018
