With IvSign it is possible to verify a digital certificate to confirm its integrity, validity or revocation status, and to extract information about its owner and about the company in case of a legal entity certificate.
As always, we need to authenticate ourselves and get a session token first:
Run the following in a console, replacing the placeholder data (shown in blue) with the data received in the email:
curl -sS --user-agent WebSend --header 'Content-Type: application/json' --header 'Accept: application/json' --request POST --data '{"login":"USUARIO","pass":"PASSWORD","orgaid":"ORGAID","module":"integra","modkey":"K#t@g-n2a_d[3-G1","modver":"1.0"}' https://test.ivsign.net/Keyman/rest/v4/Auth/Login
REPLY:
{
  "token":"KOCisd+DfGFOzcTxGwcthUsNQl0jaRFKUrrlB2OUPs0tNTIfORd7/zW1e8mb0iHuUMBuHitlLU8hewG/mJfFczw==",
  "user":{"userid":"ivsdemo","extid":null,"orgaid":"orgademo","email":"demomail@ivnosys.com","name":"Usuario","lastname":"Demostraciones","lastip":"42.0.1.59","ident":null,"disabled":false,"createdate":"2019-03-11T13:54:55Z","lastlogin":"2019-03-11T14:02:34.9055158Z","previouslogin":null,"authprovider":"db","admin":false,"superadmin":false,"pass":null,"validation":null,"lang":"es","valid":true,"phone":null,"orgachain":"root.integra.orgademo.","disabledreason":null},
  "error":{"code":"K0000","message":"OK","traceid":"CIK4QZVHU5V7G"}
}
We will need the token returned in the previous call (in blue) and the certificate in base64 (here is an example).
Then, we can make the call to verify the certificate.
curl -sS --user-agent WebSend --header 'Accept: application/json' --header 'Authentication: TOKEN' --header 'Content-Type: application/json' --request POST --data '{"cer":"CERTIFICADO"}' https://test.ivsign.net/Keyman/rest/v4/Verify/CER
Reply obtained from the verification service:
{
  "certinfo":{
    "serial":"4330BCC6ACFE64605AC73C528A4BEAA3",
    "validfrom":"2018-04-06T11:22:25+02:00",
    "validto":"2021-02-26T23:59:59+01:00",
    "issuer":"CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES",
    "issuercn":"AC DNIE 001",
    "subject":"CN=\"Ficticio Activo, Ciudadano (FIRMA)\", G=Ciudadano, SN=Ficticio, SERIALNUMBER=99999018D, C=ES",
    "subjectcn":"Ficticio Activo, Ciudadano (FIRMA)",
    "subjectcountry":"ES",
    "signalg":"sha256RSA",
    "keyusage":[
      "NonRepudiation"
    ],
    "enhancedkeyusage":[
    ],
    "caname":"DGP",
    "type":"PF",
    "userinfo":{
      "name":"Ciudadano",
      "lastname":"Ficticio",
      "ident":"99999018D",
      "email":null,
      "birthdate":null
    },
    "orgainfo":{
      "ident":null,
      "name":null
    },
    "qualified":false,
    "qualifiedclassification":0,
    "sha1sum":"4812E1518AD027A6ED8FCE38CA749ED6FE60363A",
    "sha1sumissuer":"41CF9EC0733D58E43997A6C65DF797C3EE99407B"
  },
  "expired":false,
  "untrusted":false,
  "revoked":false,
  "invalidsignature":false,
  "valid":true,
  "error":{
    "code":"K0000",
    "message":"OK",
    "traceid":"CIK4QZ5KJQURI"
  }
}
With this we can obtain all the relevant information from a certificate and learn whether it is completely valid. If it is not, the reply indicates the reasons why it is not valid (expired, revoked or corrupted).
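A client that consumes this reply should fail closed instead of trusting the HTTP status or the "valid" field alone. The following is an added example, not IvSign's own code: the function name, the optional key-usage check and the sample reply are constructed for illustration, and it assumes that K0000 is the only success code, as in the replies shown above.

```python
import json

# Constructed sample: trimmed copy of the reply shown above, with "revoked"
# flipped to true and "valid" to false to exercise the failure path.
SAMPLE_REVOKED = json.loads("""
{"certinfo":{"serial":"4330BCC6ACFE64605AC73C528A4BEAA3","keyusage":["NonRepudiation"]},
 "expired":false,"untrusted":false,"revoked":true,"invalidsignature":false,
 "valid":false,"error":{"code":"K0000","message":"OK","traceid":"CIK4QZ5KJQURI"}}
""")

FAILURE_FLAGS = ("expired", "untrusted", "revoked", "invalidsignature")


def evaluate_verify_reply(reply, required_keyusage=None):
    """Return (accepted, reasons). Fails closed: a missing or non-boolean
    field counts as a failure instead of being read as 'no problem'."""
    reasons = []
    error = reply.get("error")
    code = error.get("code") if isinstance(error, dict) else None
    if code != "K0000":  # assumption: K0000 is the only success code
        reasons.append(f"service error: {code!r}")
    for flag in FAILURE_FLAGS:
        value = reply.get(flag)
        if value is True:
            reasons.append(flag)
        elif value is not False:
            reasons.append(f"{flag} missing or malformed")
    if reply.get("valid") is not True:
        reasons.append("valid is not true")
    if required_keyusage is not None:
        # Optional policy check: the certificate must be usable for our purpose.
        certinfo = reply.get("certinfo")
        usages = certinfo.get("keyusage") if isinstance(certinfo, dict) else None
        if not isinstance(usages, list) or required_keyusage not in usages:
            reasons.append(f"keyusage lacks {required_keyusage}")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(evaluate_verify_reply(SAMPLE_REVOKED, "NonRepudiation"))
```

Logging the returned reasons together with the reply's traceid makes a rejected certificate traceable on the service side.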