• Digital certificates bind a public key to the identity of its owner (the subject, i.e. who created the key pair) and are generally issued by a certification authority (CA), whose signature on the certificate is what lets a relying party trust that binding
  • A Digital certificate includes:
    – User (entity) Information
    – User’s public key
    – Digital signature of the CA
    – Issue and expiry date
  • Types of Digital Certificates
    – Secure Sockets Layer (SSL) / TLS server certificates
    – Code Signing certificates
    – Client Certificates

Certification Authorities

  • The Java platform ships with a defined set of trusted root certificates from well-known certification authorities such as VeriSign, Entrust or Thawte; any certificate chain presented to a Java TLS client is checked against this set unless the application supplies its own trust store
  • These roots live in a special built-in key store, cacerts ($JREHOME/lib/security/cacerts), which can be inspected with keytool; its well-known default password is "changeit", so anyone who can write to that file can add a trusted root
  • In Java, the class that represents digital certificates is java.security.cert.Certificate; X.509 certificates are represented by its subclass java.security.cert.X509Certificate
  • Example: X.509 certificates (ITU-T X.500 series, profiled for the Internet in RFC 5280) identify the subject and the issuer with a distinguished name (DN), a sequence of attributes such as
    – commonName (CN)
    – organizationalUnitName (OU)
    – organizationName (O)
    – localityName (L)
    – stateOrProvinceName (ST)
    – countryName (C)
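
The following program is an added example, not code from the original slides: it opens the built-in cacerts trust store, walks every trusted CA certificate as a java.security.cert.X509Certificate, splits the subject DN into its CN/O/C attributes, and checks the issue and expiry dates and the self-signature of each root. The class name CacertsDemo, the derivation of the path from the java.home system property, and the use of the default password "changeit" are assumptions; pass a different path and password on the command line if your installation differs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CacertsDemo {

    // Assumption: the default trust store sits at <java.home>/lib/security/cacerts,
    // which holds for the JDK layouts the slides refer to (java.home is the JRE root).
    static Path defaultCacerts() {
        return Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
    }

    // Parse an RFC 2253 DN string (as returned by X500Principal.getName()) into
    // attribute-type -> value pairs, e.g. {"CN": "...", "O": "...", "C": "US"}.
    // A DN may repeat a type (several OU=...); this keeps the last one seen.
    static Map<String, String> parseDn(String dn) throws Exception {
        Map<String, String> attrs = new LinkedHashMap<>();
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            attrs.put(rdn.getType().toUpperCase(), String.valueOf(rdn.getValue()));
        }
        return attrs;
    }

    // A root CA certificate is self-signed: its own public key verifies its signature.
    static boolean isSelfSigned(X509Certificate cert) {
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Path path = args.length > 0 ? Paths.get(args[0]) : defaultCacerts();
        // "changeit" is the well-known default password protecting cacerts' integrity.
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password);
        }

        int total = 0, outsideValidity = 0, notSelfSigned = 0;
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ks.isCertificateEntry(alias)) continue;   // skip private-key entries
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            total++;

            Map<String, String> subject = parseDn(x509.getSubjectX500Principal().getName());

            // Issue/expiry check against the current clock (the "issue and expiry date" field).
            String status = "valid";
            try {
                x509.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                status = e.getClass().getSimpleName();
                outsideValidity++;
            }
            if (!isSelfSigned(x509)) {
                status += " NOT-SELF-SIGNED";   // unusual for a trust anchor; worth a look
                notSelfSigned++;
            }

            System.out.printf("%-45s CN=%s | O=%s | C=%s | notAfter=%s | %s%n",
                    alias, subject.get("CN"), subject.get("O"), subject.get("C"),
                    x509.getNotAfter(), status);
        }
        System.out.printf("%d trusted certificates, %d outside validity period, %d not self-signed%n",
                total, outsideValidity, notSelfSigned);
    }
}
```

Run it as `java CacertsDemo` to audit the JRE's own trust store, or `java CacertsDemo /path/to/truststore.jks password` for an application trust store. The counts on the last line are the ones a reviewer cares about: any anchor that is expired or not self-signed deserves an explanation, and an unexpected CN or O among the roots is the first sign that someone with write access to cacerts has added their own CA.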

Certification Authorities (Cont’d)