Security Basics mailing list archives
RE: How to perform SSL certificate validation ?
From: "Ncssindia" <ncssindia () gmail com>
Date: Thu, 13 Jul 2006 18:48:25 +0530
There is a product called as Microdasys SCIP, for SSL Verification, can check for self singed certificated, This will come in handy as a great tool for SSL. Best Regards, Reactor Network and Content Security Solutions RNCSS Support #1 : rncssindia () gmail com RNCSS Support #2 : rncsscccp () gmail com -----Original Message----- From: Nagareshwar Talekar [mailto:tnagareshwar () gmail com] Sent: Monday, July 10, 2006 11:46 PM To: security-basics () securityfocus com Subject: How to perform SSL certificate validation ? Hi List, I am working on implementation of LDAP client where in there is requirement to validate the server's ssl certificate. This is similar to what browser does in case of ssl enabled website. After reading few articles over net I came to know that following checks needs to be done for verfication of ssl certificate. 1) Check if certificate is not expired. 2) Common name on the certificate matches the DNS name of the server. 3) Checks if the CA is trused. I don't know how to perform the check for 3rd step. How can we ensure that CA is trusted? One of my colleague told that I have to store all trusted root certificates and then compare incoming certificate with existing ones.. Is there any better way to check this ...? Also I was told that certificate validation is done to prevent the SSL-MITM attack Is this the only reason or is there any other reason for which the SSL certificate validation is done ? It will be great if you can throw some light in this matter. Any links to relevant websites will do as well. Thanks -- With Regards Nagareshwar --------------------------------------------------------------------------- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html ---------------------------------------------------------------------------
Current thread:
- How to perform SSL certificate validation ? Nagareshwar Talekar (Jul 11)
- RE: How to perform SSL certificate validation ? Ncssindia (Jul 13)
- Re: How to perform SSL certificate validation ? Alexander Klimov (Jul 13)
- <Possible follow-ups>
- RE: How to perform SSL certificate validation ? Robertson, Seth (JSC-IM) (Jul 14)