Open trasherdk opened 2 years ago
@trasherdk Hey, is there any inbuilt function for validating the certificate chain using a trusted root certificate?
There is a library named node-forge that has this functionality. However, that is not working with Apple's certificates.
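```javascript
const { pki } = require('node-forge');

// Trust store containing only the trusted root certificate
const rootCert = pki.certificateFromPem(rootCertPemStr);
const caStore = pki.createCaStore([rootCert]);
const x509CertificateChain = [/* x509 certificate objects */];
// Returns true on success and throws on a validation error
const validity = pki.verifyCertificateChain(caStore, x509CertificateChain);
```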
@yogesh-chaudhari-77 Probably not. I think @kjur would have mentioned it in the linked response.
Anyway. The above snippet should run through the certificate chain, so you can verify the signer of your certificate is in there.
Or the other way around. Your root should be signing, or actually be, the first cert in the chain.
@trasherdk Thanks for such a prompt response. Yes, for the time being I appended the root certificate into the certificates and it worked for me as expected. However, certificate chain validation is quite a common use case that should be part of the library itself.
2 snippets to check if I can identify which intermediate CA signed a client certificate.
Source: https://github.com/kjur/jsrsasign/issues/176#issuecomment-373639945
And a second, simpler, version:
Source: https://github.com/kjur/jsrsasign/issues/176#issuecomment-1073434816