Derived | Still valid | Result: is verified? |
---|---|---|
Yes | Yes | Verified |
Yes | No | Not verified |
No | Yes | Not verified |
No | No | Not verified |
Is in revocation list | Result: is revoked? |
---|---|
No | No |
Yes | Yes |
No | Derived | Still valid | Is revoked? | Result: is verified? | Result: is revoked? | Status for UI |
---|---|---|---|---|---|---|
1 | Yes | Yes | No | Verified | No | Trusted |
2 | Yes | No | No | Not verified | No | Expired |
3 | No | Yes | No | Not verified | No | Not Trusted |
4 | No | No | No | Not verified | No | Not Trusted |
5 | Yes | Yes | Yes | Verified | Yes | Revoked |
6 | Yes | No | Yes | Not verified | Yes | Revoked |
7 | No | Yes | Yes | Not verified | Yes | Not Trusted |
8 | No | No | Yes | Not verified | Yes | Not Trusted |
After the CA chain of non-derived certs has been imported to keystore :
No | Derived | Still valid | Is revoked? | Result: is verified? | Result: is revoked? | Status for UI |
---|---|---|---|---|---|---|
1 | Yes | Yes | No | Verified | No | Trusted |
2 | Yes | No | No | Not verified | No | Expired |
3 | Yes | Yes | No | Not verified | No | Trusted |
4 | Yes | No | No | Not verified | No | Expired |
5 | Yes | Yes | Yes | Verified | Yes | Revoked |
6 | Yes | No | Yes | Not verified | Yes | Revoked |
7 | Yes | Yes | Yes | Not verified | Yes | Revoked |
8 | Yes | No | Yes | Not verified | Yes | Revoked |
- Is derived? If no, it's simply Not Trusted
- Is expired?
- Is revoked?
https://raymii.org/s/articles/OpenSSL_manually_verify_a_certificate_against_a_CRL.html