validate

suspend fun validate(validateAt: Instant = Clock.System.now(), requireBasicConstraints: Boolean = true)

Performs basic certificate chain validation.

Specifically, these checks are performed:

every certificate in the chain is signed by the next one,
signer certificate's subject matches signed certificate's issuer,
certificates are within their validity period (already valid and not yet expired),
signer certificate have CERT_SIGN key usage
non-leaf certificate must have basic constrains extension with

CA flag set to true
path length constraint that is sufficient for number of certificates in the chain

This method does not check certificate revocation lists.

validateAt

time of the validation

requireBasicConstraints

if non-leaf certificates must use basic constrains extension

if validation fails.