SEARCH KEYWORD -- CERTIFICATE
Different types of keystore in Java -- JKS
JKS is Java Keystore, a proprietary keystore type designed for Java. It can be used to store private keys and certificates used for SSL communication, it cannot store secret keys however. The keytool shipped with JDKs cannot extract private keys stored on JKS. This type of keystore usually has an extension of jks. Next we will show how to operate the JKS keystore with pure Java code. Create JKS keystore The simplest method to create a JKS keystore to create an empty keystore. We can first get an...
Generate signed certificate from CSR in Java
In our previous tutorial, we have explained how to generate CSR which can be sent to CA for generating a signed certificate. In this tutorial, we will explain how to generate the signed certificate from CSR in Java. We will not use an actual CA but a self-signed certificate to act as a CA certificate. Since the CSR contains the subject information where a certificate needs to be generated and signed for. The key here is to extract the subject information from the CSR and then set it as the subje...
JAVA,CSR,SIGN CERTIFICATE 2020-10-24 07:03:17
Generate certificate with cRLDistributionPoints extension using OpenSSL
In an X509 certificate, the cRLDistributionPoints extension provides a mechanism for the certificate validator to retrieve a CRL(Certificate Revocation List) which can be used to verify whether the given certificate is revoked. A cRLDistributionPoints extension can contain one or more DistributionPoints where the CRL can be retrieved from. Each DistributionPoint consists of three fields,each of which is optional: distributionPoint : it contains either a SEQUENCE of general...
X509,OPENSSL,CERTIFICATE,CRLDISTRIBUTIONPOINT,EXTENSION 2015-10-22 03:41:11
When a CA becomes untrustable
Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...
APPLE,SECURITY,GOOGLE,MOZILLA,NEWS,WOSIGN 2016-10-01 23:03:44
Different types of keystore in Java -- PKCS12
PKCS12 is an active file format for storing cryptography objects as a single file. It can be used to store secret key, private key and certificate.It is a standardized format published by RSA Laboratories which means it can be used not only in Java but also in other libraries in C, C++ or C# etc. This file format is frequently used to import and export entries from or to other keystore types. Next we will explain the operations which can be performed on PKCS12 keystore. Create PKCS12 keystore Be...
All I Know About Certificates -- Certificate Authority
One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less information about certificates, which are a critical component of TLS/SSL. This series of articles aim to explain what certificates are used for, how Google prevents others from impersonating Google, and why certificate issues frequently arise, among other topics. (Postscript: It took me a full 10 hours to w...
CLIENTS,WEBSITE,CERTIFICATE,SSL CERTIFICATE 2024-07-26 22:22:28
Goodbye Manual Processes, Hello Automation Certificate Lifecycle Management Like It’s Supposed to Be
At the heart of every story lies a villain and a hero. In the never-ending story of certificate lifecycle management, there’s no bigger villain than manual effort. Destructive, irrepressible, and risk-laden, this villain causes nothing but mayhem and loss. Automation, the hero, is the complete opposite of manual effort. Proactive, solution-oriented, and breach-proof, this hero deserves recognition, allegiance, and attention, yet they get none of that from a majority of today’s organi...
DATA SECURITY,CERTIFICATE 2023-06-20 08:10:02
Different types of keystore in Java -- BKS
BKS is a keystore format provided by the popular third party Java cryptographic library provider -- BouncyCastle. It is a keystore similar to the JKS provided by Oracle JDK. Before starting to use BKS, the BouncyCastle provider has to be downloaded and installed. To download the provider, please go to BouncyCastle download page. The provider can be installed by adding an entry in the java.security file. security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider N means the pr...
JAVA,KEYSTORE,BOUNCYCASTLE,BKS 2016-07-03 03:00:18
All I Know About Certificates -- Websites
In last article, we know the role of clients and their responsibilities for certificate verification. Finally, let's talk about websites. We've discussed many potential issues between CAs and clients concerning certificates, but the most frequent issue is with websites—many websites have faced this problem: certificate expiration. Websites need to ensure two things: Ensure their certificate does not expire. Protect their private key from being leaked. If someone else obtains the priv...
CLIENTS,WEBSITES,SSL CERTIFICATE,CERTIFICATE AUTHORITY,CA 2024-07-26 22:33:29
HeartBleed: Inside the heart, what happens to a normal WEB user?
To be brief, our email, IM, facebook etc. are at the risk, so try to minimize the access in these few days. Especially we should try to avoid log into our internet-banking, because we may expose our user id and password. Also later when the service providers fix the bug, we would better to change a new password for all the web accounts that are important to us. Here comes the technical explanation. You might notice before that a lot of websites use URL starting with "https". For example, https:/...
HeartBleed,Analysis 2014-04-09 22:41:43
RECENT
- How Artificial Intelligence Is Helping Fight Environmental Challenges
- How to Deal with Accusations of Negligence as a Business
- Google's Business Operations in China Amid Antitrust Scrutiny
- Deploying DeepSeek-R1 Locally with a Custom RAG Knowledge Data Base
- Balancing Convenience and Security in the Digital World
- My AI Learning Journey: Exploring the Future of Technology
- Power Grid Simulation System 02 : FDI Power Outage Attack Case Study
- Be Careful When Using Cursor to Help Build Application
- Calculating Token Count for Claude API Using Go: A Step-by-Step Guide
- Understanding Cursor and WindSurf's Code Indexing Logic
- more>>
