Certificates and Certificate Chains
This section describes what public key certificates and certificate chains are.
Certificate: A digitally signed statement from the issuer saying
that the public key of the subject has some specific value.
The above definition is copied from the JDK documentation. It uses
several important terms:
- "signed statement" - The certificate must be signed by the issuer with
a digital signature.
- "issuer" - The person or organization who is issuing this certificate.
- "public key" - The public key of a key pair selected by the subject.
- "subject" - The person or organization who owns the public key.
X.509 Certificate - A certificate written in the X.509 standard format.
The X.509 standard was introduced in 1988. It requires a certificate to have
the following information:
- Version - X.509 standard version number.
- Serial Number - A sequence number given to each certificate.
- Signature Algorithm Identifier - Name of the algorithm used
by the issuer to sign this certificate.
- Issuer Name - Name of the issuer.
- Validity Period - Period during which this certificate is valid.
- Subject Name - Name of the owner of the public key.
- Subject Public Key Information - The public key and its related information.
How can you get a certificate for your own public key?
- Requesting it from a Certificate Authority (CA), like VeriSign, Thawte or Entrust.
- Doing it yourself - using tools like JDK "keytool" to generate a self-signed certificate.
Certificate Chain: A series of certificates in which each certificate certifies
the public key of the issuer of the next certificate. Usually the top certificate
(the first certificate) is self-signed, meaning the issuer signed its own public key.
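The chain rule and the X.509 fields listed above can be checked with the standard java.security.cert API. The following is an added example, not code from this book; the class name ChainCheck is hypothetical, and it assumes an input file that lists the top certificate first, falling back to one root certificate from the JDK default trust store when no file is given.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class ChainCheck {  // hypothetical class name, not from the book
    // Walks a chain ordered as in the text: top (self-signed) certificate first.
    static int checkChain(List<X509Certificate> chain) throws Exception {
        if (chain.isEmpty()) throw new IllegalArgumentException("empty chain");
        X509Certificate signer = chain.get(0);  // the top certificate signs itself
        for (X509Certificate cert : chain) {
            System.out.println("Version:       " + cert.getVersion());
            System.out.println("Serial Number: " + cert.getSerialNumber().toString(16));
            System.out.println("Signature Alg: " + cert.getSigAlgName());
            System.out.println("Issuer Name:   " + cert.getIssuerX500Principal());
            System.out.println("Validity:      " + cert.getNotBefore() + " to " + cert.getNotAfter());
            System.out.println("Subject Name:  " + cert.getSubjectX500Principal());
            System.out.println("Public Key:    " + cert.getPublicKey().getAlgorithm());
            if (!cert.getIssuerX500Principal().equals(signer.getSubjectX500Principal()))
                throw new SecurityException("issuer is not the subject of the certificate above");
            cert.verify(signer.getPublicKey());  // throws unless signed with the signer's private key
            cert.checkValidity();                // throws outside the validity period
            signer = cert;                       // this subject's key must sign the next certificate
        }
        return chain.size();
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> chain = new ArrayList<>();
        if (args.length > 0) {  // assumption: a PEM/DER file with the top certificate first
            try (InputStream in = new FileInputStream(args[0])) {
                for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                    chain.add((X509Certificate) c);
            }
        } else {  // no file given: use one unexpired root from the JDK default trust store
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            for (X509Certificate c : ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers())
                if (chain.isEmpty() && c.getNotAfter().after(new Date())
                        && c.getIssuerX500Principal().equals(c.getSubjectX500Principal()))
                    chain.add(c);
        }
        System.out.println("Verified chain of " + checkChain(chain) + " certificate(s)");
    }
}
```

A successful run only shows that the chain is internally consistent; whether the top certificate should be trusted is a separate decision made by the trust store.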
Last update: 2015.