Class CertificateChainValidationEngine

Represents a chain-building engine for Certificate certificates.


const rootCa = pkijs.Certificate.fromBER(certRaw1);
const intermediateCa = pkijs.Certificate.fromBER(certRaw2);
const leafCert = pkijs.Certificate.fromBER(certRaw3);
const crl1 = pkijs.CertificateRevocationList.fromBER(crlRaw1);
const ocsp1 = pkijs.BasicOCSPResponse.fromBER(ocspRaw1);

const chainEngine = new pkijs.CertificateChainValidationEngine({
certs: [rootCa, intermediateCa, leafCert],
crls: [crl1],
ocsps: [ocsp1],
checkDate: new Date("2015-07-13"), // optional
trustedCerts: [rootCa],

const chain = await chainEngine.verify();


  • CertificateChainValidationEngine



certs: Certificate[]

Array with certificate chain. Could be only one end-user certificate in there!

checkDate: Date

The date at which the check would be

Array of all CRLs for all certificates from certificate chain

findIssuer: FindIssuerCallback

The date at which the check would be

findOrigin: FindOriginCallback

The date at which the check would be

Array of all OCSP responses

trustedCerts: Certificate[]

Array of pre-defined trusted (by user) certificates


Generated using TypeDoc