SEARCH KEYWORD -- Certificate chain


  Different types of keystore in Java -- BKS

BKS is a keystore format provided by the popular third party Java cryptographic library provider -- BouncyCastle. It is a keystore similar to the JKS provided by Oracle JDK.  Before starting to use BKS, the BouncyCastle provider has to be downloaded and installed. To download the provider, please go to BouncyCastle download page. The provider can be installed by adding an entry in the java.security file. security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider N means the pr...

   JAVA,KEYSTORE,BOUNCYCASTLE,BKS     2016-07-03 03:00:18

  Generate certificate from cert file in Java

A certificate is often used to prove the identity of a server. The certificate will contain information such as the subject and issuer of the certificate. It will also contain the validation date of the certificate. A certificate is often exported to an external cert file which is transferred over the internet. We will often see its use in SSL communication which provides secure communication between two entities. In this post, we will show how to read the data from an external certificate file ...

   PKCS12,CertificateFactory,Example,Java,X509     2015-06-08 06:47:05

  Generate signed certificate from CSR in Java

In our previous tutorial, we have explained how to generate CSR which can be sent to CA for generating a signed certificate. In this tutorial, we will explain how to generate the signed certificate from CSR in Java. We will not use an actual CA but a self-signed certificate to act as a CA certificate. Since the CSR contains the subject information where a certificate needs to be generated and signed for. The key here is to extract the subject information from the CSR and then set it as the subje...

   JAVA,CSR,SIGN CERTIFICATE     2020-10-24 07:03:17

  All I Know About Certificates -- Certificate Authority

One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less information about certificates, which are a critical component of TLS/SSL. This series of articles aim to explain what certificates are used for, how Google prevents others from impersonating Google, and why certificate issues frequently arise, among other topics. (Postscript: It took me a full 10 hours to w...

   CLIENTS,WEBSITE,CERTIFICATE,SSL CERTIFICATE     2024-07-26 22:22:28

  All I Know About Certificates -- Clients

 Finally, in last article we’ve covered the responsibilities of CAs, showing that being a CA isn’t simple and has high management costs, explaining why issuing certificates costs money! This article we will cover the client in this chain. Verifying Certificates as a Client For clients, verifying certificates isn’t simple either. Articles introducing TLS handshakes often mention "the server sends back a certificate, and the client verifies it," but in reality, as ...

   CLIENTS,WEBSITES,SSL CERTIFICATE,CERTIFICATE AUTHORITY,CA     2024-07-26 22:24:30

  When a CA becomes untrustable

Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...

   APPLE,SECURITY,GOOGLE,MOZILLA,NEWS,WOSIGN     2016-10-01 23:03:44

  Generating CSR using Java

A CSR(Certificate Signing Request) is a kind of request generated by an application and is to be sent to a Certificate Authority to create a signed certificate which can be distributed. It usually contains certificate information such as subject name, public key info and signature info. In Java, keytool can be used to generate a certificate request with option -certreq.  But sometimes if an application wants to create a CSR programmatically, keytool will not do a favor, instead you should u...

   JAVA,SECURITY,CSR,CERTIFICATE REQUEST     2016-05-25 04:49:17

  Generate certificate with cRLDistributionPoints extension using OpenSSL

In an X509 certificate, the cRLDistributionPoints extension provides a mechanism for the certificate validator to retrieve a CRL(Certificate Revocation List) which can be used to verify whether the given certificate is revoked.   A cRLDistributionPoints extension can contain one or more DistributionPoints where the CRL can be retrieved from. Each DistributionPoint consists of three fields,each of which is optional: distributionPoint : it contains either a SEQUENCE of general...

   X509,OPENSSL,CERTIFICATE,CRLDISTRIBUTIONPOINT,EXTENSION     2015-10-22 03:41:11

  All I Know About Certificates -- Websites

In last article, we know the role of clients and their responsibilities for certificate verification. Finally, let's talk about websites. We've discussed many potential issues between CAs and clients concerning certificates, but the most frequent issue is with websites—many websites have faced this problem: certificate expiration. Websites need to ensure two things: Ensure their certificate does not expire. Protect their private key from being leaked. If someone else obtains the priv...

   CLIENTS,WEBSITES,SSL CERTIFICATE,CERTIFICATE AUTHORITY,CA     2024-07-26 22:33:29

  Goodbye Manual Processes, Hello Automation Certificate Lifecycle Management Like It’s Supposed to Be

At the heart of every story lies a villain and a hero. In the never-ending story of certificate lifecycle management, there’s no bigger villain than manual effort. Destructive, irrepressible, and risk-laden, this villain causes nothing but mayhem and loss. Automation, the hero, is the complete opposite of manual effort. Proactive, solution-oriented, and breach-proof, this hero deserves recognition, allegiance, and attention, yet they get none of that from a majority of today’s organi...

   DATA SECURITY,CERTIFICATE     2023-06-20 08:10:02

RECENT