Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- CERTIFICATE CHAIN

  Different types of keystore in Java -- BKS

BKS is a keystore format provided by the popular third party Java cryptographic library provider -- BouncyCastle. It is a keystore similar to the JKS provided by Oracle JDK.  Before starting to use BKS, the BouncyCastle provider has to be downloaded and installed. To download the provider, please go to BouncyCastle download page. The provider can be installed by adding an entry in the java.security file. security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider N means the pr...

   JAVA,KEYSTORE,BOUNCYCASTLE,BKS     2016-07-03 03:00:18

  Generate certificate from cert file in Java

A certificate is often used to prove the identity of a server. The certificate will contain information such as the subject and issuer of the certificate. It will also contain the validation date of the certificate. A certificate is often exported to an external cert file which is transferred over the internet. We will often see its use in SSL communication which provides secure communication between two entities. In this post, we will show how to read the data from an external certificate file ...

   PKCS12,CertificateFactory,Example,Java,X509     2015-06-08 06:47:05

  Generate signed certificate from CSR in Java

In our previous tutorial, we have explained how to generate CSR which can be sent to CA for generating a signed certificate. In this tutorial, we will explain how to generate the signed certificate from CSR in Java. We will not use an actual CA but a self-signed certificate to act as a CA certificate. Since the CSR contains the subject information where a certificate needs to be generated and signed for. The key here is to extract the subject information from the CSR and then set it as the subje...

   JAVA,CSR,SIGN CERTIFICATE     2020-10-24 07:03:17

  Generating CSR using Java

A CSR(Certificate Signing Request) is a kind of request generated by an application and is to be sent to a Certificate Authority to create a signed certificate which can be distributed. It usually contains certificate information such as subject name, public key info and signature info. In Java, keytool can be used to generate a certificate request with option -certreq.  But sometimes if an application wants to create a CSR programmatically, keytool will not do a favor, instead you should u...

   JAVA,SECURITY,CSR,CERTIFICATE REQUEST     2016-05-25 04:49:17

  When a CA becomes untrustable

Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...

   APPLE,SECURITY,GOOGLE,MOZILLA,NEWS,WOSIGN     2016-10-01 23:03:44

  Generate certificate with cRLDistributionPoints extension using OpenSSL

In an X509 certificate, the cRLDistributionPoints extension provides a mechanism for the certificate validator to retrieve a CRL(Certificate Revocation List) which can be used to verify whether the given certificate is revoked.   A cRLDistributionPoints extension can contain one or more DistributionPoints where the CRL can be retrieved from. Each DistributionPoint consists of three fields,each of which is optional: distributionPoint : it contains either a SEQUENCE of general...

   X509,OPENSSL,CERTIFICATE,CRLDISTRIBUTIONPOINT,EXTENSION     2015-10-22 03:41:11

  Goodbye Manual Processes, Hello Automation Certificate Lifecycle Management Like It’s Supposed to Be

At the heart of every story lies a villain and a hero. In the never-ending story of certificate lifecycle management, there’s no bigger villain than manual effort. Destructive, irrepressible, and risk-laden, this villain causes nothing but mayhem and loss. Automation, the hero, is the complete opposite of manual effort. Proactive, solution-oriented, and breach-proof, this hero deserves recognition, allegiance, and attention, yet they get none of that from a majority of today’s organi...

   DATA SECURITY,CERTIFICATE     2023-06-20 08:10:02

  Using Java keytool programmatically

Java provides a command line tool to access and operate different keystore which store keys and certificates. This tool is named keytool and is located at \bin.  On command line, you can issue below command to generate a keystore named mytest.jks which contains a private key and certificate chain. keytool -genkeypair -alias mykey -keyalg RSA -sigalg SHA256withRSA -dname CN=Java -storetype JKS -keypass password -keystore mytest.jks -storepass password Sometimes, in testing purpose, w...

   JAVA,KEYTOOL     2016-01-09 06:28:07

  HeartBleed: Inside the heart, what happens to a normal WEB user?

To be brief, our email, IM, facebook etc. are at the risk, so try to minimize the access in these few days. Especially we should try to avoid log into our internet-banking, because we may expose our user id and password. Also later when the service providers fix the bug, we would better to change a new password for all the web accounts that are important to us. Here comes the technical explanation. You might notice before that a lot of websites use URL starting with "https". For example, https:/...

   HeartBleed,Analysis     2014-04-09 22:41:43

  OpenLDAP Proxy -- Tricks and tips

Just like other software configuration, there would be issues encountered during the OpenLDAP proxy setup process. In this post, we would try to summarize some of the tricks and tips for OpenLDAP proxy setup. OpenLDAP Version We would always recommend that you install the latest version of the OpenLDAP because they contain the latest features, bug fixes and security patches. You should always refer to the latest release notes for new changes. In case you have used an earlier version of Open...

   SSL,AUTHENTICATION,OPENLDAP,OPENLDAP PROXY,ATTRIBUTE MAPPING,OVERLAY     2017-11-04 04:29:38

RECENT