Checking the CRLDP??

Report · Jun 30, 2009

Hi again folks,

This is kind of related to my previous post about inspecting digital certificates, but my question now focuses more on how to go about checking the CRL (Certificate Revocation List) via the CRLDP (Certificate Revocation List Distribution Point).

I've found that i can get the URI for the CRL using the getCRLDistributionPointsExtension() method, but I don't know what to do with that URI. Again, I need to examine the list programmatically. I tried just browsing to the URI that I was given thinking that would just show me perhaps some XML or an on-screen listing of the revoked serial numbers, but instead my browser imported the list. I need to get at that list programmatically.

Can someone help me to understand how to do that?

Thanks again,

Chris

Report · Jul 01, 2009

Okay, so I think I partially figured this out. If I just do a cfhttp to the address of the .crl URI I get a java.io.ByteArrayOutputStream object in the FileContent portion of the return value. It looks like this might be the CRL in the DER encoded format. I've got a toString() function and a toByteArray() function amongst other things.

So, now I'm wondering if all I need to do is figure out how to decode DER encoded content.

Anyone know how to do that??