Any plans to add Certificate Field Validations (specifically Certificate Extensions)?
Input for the tool can be a User Certificate in PEM/DER/PFX format.
I am sorry, I don't understand what sort of validation you'd like to perform on user (I assume client) certificates? Could you give me some examples of problems you'd like to solve? Thanks.
For example: if I have a user certificate (called ee) which is signed by a CA (called root),
so the chain will be ee<----->root
So can we have a tool to do the following:
1. Check if ee is issued by root
2. Verify all the certificate fields are proper
   (say, suppose ee is of type end user certificate whose public key can be used for so and so purpose only)
3. Revocation status, if any
The tool can be simulated as below, wherein OpenSSL has a verify command which will do some basic certificate validation steps:
openssl verify -h
usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
sslclient SSL client
sslserver SSL server
nssslserver Netscape SSL server
smimesign S/MIME signing
smimeencrypt S/MIME encryption
crlsign CRL signing
any Any Purpose
ocsphelper OCSP helper
We already have parts of that. If you install the certificate chain you wish to validate on a server and point the SSL Labs test at it, the results will show any issues with signatures, revocation, certificate order, and so forth.
We don't perform any purpose checks at the moment, but it would be a useful addition to handle some edge cases.
SSL Labs works great when the web service is available to the internet.
For internal websites, I use https://github.com/iSECPartners/sslyze
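
Added example, not part of the original thread and not SSL Labs or sslyze code: the issuer check and the purpose check from the list above, run offline with the openssl verify options quoted in the thread. The root, other and ee certificates, the config sections and the function names are all constructed for the demo, and revocation is left out.

```sh
#!/bin/sh
# Builds a throwaway PKI: two self-signed CAs (root, other) and an end-entity
# certificate "ee" signed by root. All names and extension values are constructed.
make_demo_pki() {  # $1 = empty working directory
  cat > "$1/cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ee]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  for ca in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/cnf" -extensions v3_ca \
      -subj "/CN=$ca" -days 1 -keyout "$1/$ca.key" -out "$1/$ca.pem" \
      >/dev/null 2>&1 || return 1
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$1/cnf" -subj "/CN=ee" \
    -keyout "$1/ee.key" -out "$1/ee.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/ee.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -extfile "$1/cnf" -extensions v3_ee -days 1 \
    -out "$1/ee.pem" >/dev/null 2>&1
}

# Step 1: does the certificate ($2) chain to the CA ($1)?
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# Step 2: same check, plus key usage / extended key usage for purpose $3.
fit_for()   { openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  issued_by "$d/root.pem" "$d/ee.pem" && echo "issued by root: yes"
  issued_by "$d/other.pem" "$d/ee.pem" || echo "issued by other: no"
  for p in sslclient sslserver smimesign; do
    if fit_for "$d/root.pem" "$d/ee.pem" "$p"; then echo "$p: OK"
    else echo "$p: rejected"; fi
  done
  rm -rf "$d"
}
demo
```

The functions rely on the exit status of openssl verify, which is non-zero on failure in OpenSSL 1.1.0 and later.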