Is there a way to compare a CA issued Certificate against the CSR stored?
I would like to know if there is a way ( in JAVA ) to compare the CA issued certificate for a corresponding CSR against the CSR itself. To be more precise; DN comparison or the comparing the Public Key?
I doubt if the public key entity of the CSR could be compared with that of the Cer开发者_高级运维tificate's public Key. Is that possible?
You could use the CA issued certificate to validate the digital signature in the CSR. Every CSR is signed by the private key corresponding to the public key in the CSR. If you can use the public key from the certificate to validate the signature, you can ensure they are related.
You could also compare the public key in the CSR with the public key in the certificate. I would avoid DN comparison, as some CA software allows the registration authority to modify the DN prior to issuing the certificate. So, you could conceivably end up with a cert that has a DN that differs from the one in the CSR, even though they are directly related.
精彩评论