Certificate chain verification

digitalbazaar / forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

https://digitalbazaar.com/

Other

5.03k stars 777 forks source link

Certificate chain verification #877

Open hmpvillegas opened 3 years ago

hmpvillegas commented 3 years ago

I would like to ask if there is an existing function where I have Root, intermediate and end-entity certificate, I would like to verify the end-entity certificate through intermediate and root certs if possible through pkcs7. Is there any existing function for this?

Neumann-Nils commented 2 years ago

There is verifyCertificateChain:

function pki.verifyCertificateChain(caStore: forge.pki.CAStore, chain: forge.pki.Certificate[], options?: ((verified: string | boolean, depth: number, certs: forge.pki.Certificate[]) => boolean)

As far as I know, It does not work for PKCS7 but with an array of certificate objects. Anyway, you can translate PKCS7 into certificate objects with the utilities from forge.pkcs7.