[openssl-users] openssl verify with 1B certificates

ebe ebe cipetpet5 at yandex.com
Thu Mar 30 17:44:46 UTC 2017


Hello,

I am a CS graduate student and am doing a measurement study regarding the SSL ecosystem. I have approximately 1 billion SSL certificates and I would like to run openssl verify on each certificate to sift out invalid certificates. My major concern, as you might guess, is whether doing this verification is feasible given the size of my dataset. An alternative idea I have is to replicate the verification steps of openssl. More specifically, I am working with a Hadoop infrastructure and I can perform some of the verification steps without running into scalability issues (e.g., is the certificate between the notBefore and notAfter timestamps, subject key & authority key identifier checks). However, with this approach I feel like verifying the signature would be a big challenge. Any ideas on how I can tackle these problems?

Regards,
Ceyhun

