X.509 Certificate Validation
This example shows how to obtain information on the validity of a certificate by accessing TrustedX in a RESTful way.
An HTTP POST request is sent to the trustedx-sgw/certificate/validation resource located at labs.safelayer.com. The resource returns a representation of the validity of the certificate whose base64 encoding is contained in the <Base64Certificate> element of the request's message body.
Note that the servicePolicy parameter in the URI specifies the policy (txDemoCAValidationPolicy) under which the information on the certificate's validity is to be obtained.
POST /trustedx-sgw/certificate/validation?servicePolicy=txDemoCAValidationPolicy HTTP/1.1
Host: labs.safelayer.com
Content-Length: 1451
Content-Type: application/x-trustedx-certificate+xml

<Base64Certificate>...</Base64Certificate>
The following explanation refers to the response that TrustedX returns when it receives the previous request. Click Try to have TrustedX generate this response.
As you can see, the information on the validity of the certificate includes:
- An identifier (<CertSatusCode> element) that qualifies the overall validity of the certificate. For example, the identifier urn:oasis:names:tc:dss:1.0:resultminor:ValidSignature_OnAllDocuments indicates that the certificate is valid. Note that for a certificate to be deemed valid, apart from not having been revoked, its signature must be authentic and its validity period must not have expired.
- A text representation (<ocspXml> element) of the OCSP response with information on whether or not the certificate has been revoked.
- A text representation (<certificateXml> element) of the certificate whose validity is being reported.
Note:
To implement this example, the TrustedX SmartGateway component must be configured properly. See REST HowTo for an explanation of how to do this.
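The request and the status check described above, as an added Python example (not Safelayer's code). The function names, the DER input, the <ValidationResponse> wrapper element and the non-valid identifier in the constructed samples are assumptions; the page names only the child elements and the valid identifier.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

# Values taken from the page.
HOST = "labs.safelayer.com"
RESOURCE = "/trustedx-sgw/certificate/validation"
MEDIA_TYPE = "application/x-trustedx-certificate+xml"
VALID_URN = "urn:oasis:names:tc:dss:1.0:resultminor:ValidSignature_OnAllDocuments"

# Constructed sample responses. The <ValidationResponse> wrapper and the
# non-valid identifier are assumptions; the page names only the child elements.
SAMPLE_VALID = (b"<ValidationResponse><CertSatusCode>" + VALID_URN.encode()
                + b"</CertSatusCode><ocspXml/><certificateXml/></ValidationResponse>")
SAMPLE_OTHER = (b"<ValidationResponse><CertSatusCode>urn:example:constructed:other"
                b"</CertSatusCode></ValidationResponse>")


def build_request(cert_der: bytes, policy: str = "txDemoCAValidationPolicy"):
    """Return (path, headers, body) for the POST shown on the page.

    Assumption: the certificate is supplied as DER bytes.
    """
    b64 = base64.b64encode(cert_der).decode("ascii")
    body = f"<Base64Certificate>{b64}</Base64Certificate>".encode("ascii")
    # urlencode escapes the policy name so it cannot add or alter query parameters.
    path = RESOURCE + "?" + urllib.parse.urlencode({"servicePolicy": policy})
    headers = {"Host": HOST, "Content-Type": MEDIA_TYPE,
               "Content-Length": str(len(body))}
    return path, headers, body


def certificate_is_valid(response_xml: bytes) -> bool:
    """Fail closed: True only for exactly one status element holding VALID_URN."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False  # a malformed response is never treated as "valid"
    # Match on the local name so a namespace prefix does not hide the element.
    codes = [(el.text or "").strip() for el in root.iter()
             if el.tag.rsplit("}", 1)[-1] == "CertSatusCode"]
    return len(codes) == 1 and codes[0] == VALID_URN


if __name__ == "__main__":
    path, headers, body = build_request(b"\x30\x03\x02\x01\x01")  # constructed bytes
    print("POST", path, headers, body)
    print(certificate_is_valid(SAMPLE_VALID), certificate_is_valid(SAMPLE_OTHER))
```

A caller should treat every outcome other than True as "not valid", including a missing, duplicated or unrecognized status identifier.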