SEARCH KEYWORD -- CERTIFICATE
Different types of keystore in Java -- JKS
JKS is Java Keystore, a proprietary keystore type designed for Java. It can be used to store private keys and certificates used for SSL communication, it cannot store secret keys however. The keytool shipped with JDKs cannot extract private keys stored on JKS. This type of keystore usually has an extension of jks. Next we will show how to operate the JKS keystore with pure Java code. Create JKS keystore The simplest method to create a JKS keystore to create an empty keystore. We can first get an...
Generate signed certificate from CSR in Java
In our previous tutorial, we have explained how to generate CSR which can be sent to CA for generating a signed certificate. In this tutorial, we will explain how to generate the signed certificate from CSR in Java. We will not use an actual CA but a self-signed certificate to act as a CA certificate. Since the CSR contains the subject information where a certificate needs to be generated and signed for. The key here is to extract the subject information from the CSR and then set it as the subje...
JAVA,CSR,SIGN CERTIFICATE 2020-10-24 07:03:17
Generate certificate with cRLDistributionPoints extension using OpenSSL
In an X509 certificate, the cRLDistributionPoints extension provides a mechanism for the certificate validator to retrieve a CRL(Certificate Revocation List) which can be used to verify whether the given certificate is revoked. A cRLDistributionPoints extension can contain one or more DistributionPoints where the CRL can be retrieved from. Each DistributionPoint consists of three fields,each of which is optional: distributionPoint : it contains either a SEQUENCE of general...
X509,OPENSSL,CERTIFICATE,CRLDISTRIBUTIONPOINT,EXTENSION 2015-10-22 03:41:11
When a CA becomes untrustable
Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...
APPLE,SECURITY,GOOGLE,MOZILLA,NEWS,WOSIGN 2016-10-01 23:03:44
Different types of keystore in Java -- PKCS12
PKCS12 is an active file format for storing cryptography objects as a single file. It can be used to store secret key, private key and certificate.It is a standardized format published by RSA Laboratories which means it can be used not only in Java but also in other libraries in C, C++ or C# etc. This file format is frequently used to import and export entries from or to other keystore types. Next we will explain the operations which can be performed on PKCS12 keystore. Create PKCS12 keystore Be...
Goodbye Manual Processes, Hello Automation Certificate Lifecycle Management Like It’s Supposed to Be
At the heart of every story lies a villain and a hero. In the never-ending story of certificate lifecycle management, there’s no bigger villain than manual effort. Destructive, irrepressible, and risk-laden, this villain causes nothing but mayhem and loss. Automation, the hero, is the complete opposite of manual effort. Proactive, solution-oriented, and breach-proof, this hero deserves recognition, allegiance, and attention, yet they get none of that from a majority of today’s organi...
DATA SECURITY,CERTIFICATE 2023-06-20 08:10:02
Different types of keystore in Java -- BKS
BKS is a keystore format provided by the popular third party Java cryptographic library provider -- BouncyCastle. It is a keystore similar to the JKS provided by Oracle JDK. Before starting to use BKS, the BouncyCastle provider has to be downloaded and installed. To download the provider, please go to BouncyCastle download page. The provider can be installed by adding an entry in the java.security file. security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider N means the pr...
JAVA,KEYSTORE,BOUNCYCASTLE,BKS 2016-07-03 03:00:18
HeartBleed: Inside the heart, what happens to a normal WEB user?
To be brief, our email, IM, facebook etc. are at the risk, so try to minimize the access in these few days. Especially we should try to avoid log into our internet-banking, because we may expose our user id and password. Also later when the service providers fix the bug, we would better to change a new password for all the web accounts that are important to us. Here comes the technical explanation. You might notice before that a lot of websites use URL starting with "https". For example, https:/...
HeartBleed,Analysis 2014-04-09 22:41:43
OpenLDAP Proxy -- Tricks and tips
Just like other software configuration, there would be issues encountered during the OpenLDAP proxy setup process. In this post, we would try to summarize some of the tricks and tips for OpenLDAP proxy setup. OpenLDAP Version We would always recommend that you install the latest version of the OpenLDAP because they contain the latest features, bug fixes and security patches. You should always refer to the latest release notes for new changes. In case you have used an earlier version of Open...
SSL,AUTHENTICATION,OPENLDAP,OPENLDAP PROXY,ATTRIBUTE MAPPING,OVERLAY 2017-11-04 04:29:38
Different types of keystore in Java -- Overview
Keystore is a storage facility to store cryptographic keys and certificates. They are most frequently used in SSL communications to prove the identity of servers and clients. A keystore can be a file or a hardware device. Three are three kinds of entries can be stored in a keystore depending on the types of keystores. The three types of entries are: PrivateKey : This is a type of keys which are used in asymmetric cryptography. It is usually protected with password because of its sensitivity. It ...
JAVA,KEYSTORE,OVERVIEW,JKS,PKCS12,JCEKS,PKCS11,DKS,BKS 2014-08-18 02:09:54
RECENT
- Tips for Socializing With Friends During College
- Proximity Cards Do More Than Just Open Doors
- How to choose quality painted auto parts
- Oval engagement rings from MoonOcean: Elegance of form and individual approach
- Hologres vs AWS Redshift
- GoLand connect to Hologres
- A journey to investigate a goroutine leakage case
- Understanding Slice Behavior in Go
- Breaking Barriers: How 3D Printing is Democratizing Product Development
- The Power of Efficiency: 10 Practical Energy-Saving Tips for Tech Startups
- more>>