Getting certificate chain from TLS for using OCSP

I would like to use OCSP checking for the certificate which is coming from the server during TLS handshake.

I am using Bouncy Castle as provider for OCSP implementation and BC verification methods want X509Certificate as parameter generally.

So; how can I follow and get incoming certificate chain at Java side and fetch it?

Thanks for your help.

1 answer

  • answered 2018-07-11 05:53 pedrofb

    You can use HttpsURLConnection.getServerCertificates and cast the result to X509Certificate

    HttpsURLConnection connection = ...
    Certificate chain[] = connection.getServerCertificates();
    X509Certificate cert = (X509Certificate)chain[0];