set up a PKI the Java way (without openssl)

 
Hi,

I've just hacked together a few lines to set up your own PKI with BouncyCastle, creating a root certificate, an intermediate certificate, a server certificate and a client certificate. In addition, I've added an example with client certificate authentication.
This can be extended with CRL and/or OCSP to implement revocation checking, but I stripped that out. Also: when using CRLs, according to the RFC one should host them over HTTP instead of HTTPS. The reason given is that the PKI secures the integrity of the files, so there's no need for secure transfer. In addition, using HTTPS could lead to circular dependencies.




A lot of duplicated code could be extracted to methods or even helper classes. I've just stuck to the style of the BouncyCastle example documentation, which pretty much looks the same.
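The chain described in the post above, as an added example that is not the original poster's code: a root CA, an intermediate CA and a server certificate issued with BouncyCastle (bcprov and bcpkix on the classpath), each checked against its issuer's key. The class name `MiniPki`, the helper `issue`, the subject names, key size and one-year validity are assumptions made for the illustration; the client certificate, SAN/EKU extensions and revocation are left out.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class MiniPki {
    // Hypothetical helper: issues one certificate signed by issuerKey.
    // For the self-signed root, issuer and subject are the same DN and key pair.
    static X509Certificate issue(String issuerDn, PrivateKey issuerKey, String subjectDn,
            PublicKey subjectKey, boolean isCa, int keyUsageBits) throws Exception {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        BigInteger serial = new BigInteger(128, new SecureRandom()); // random, non-negative
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                new X500Name(issuerDn), serial, notBefore, notAfter,
                new X500Name(subjectDn), subjectKey);
        // Critical basicConstraints keeps leaf certificates from being accepted as CAs
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        b.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsageBits));
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair rootKp = gen.generateKeyPair(), interKp = gen.generateKeyPair(),
                serverKp = gen.generateKeyPair();
        int caUsage = KeyUsage.keyCertSign | KeyUsage.cRLSign;
        String rootDn = "CN=Example Root CA", interDn = "CN=Example Intermediate CA",
                serverDn = "CN=server.example.test"; // constructed sample names

        X509Certificate root = issue(rootDn, rootKp.getPrivate(), rootDn, rootKp.getPublic(), true, caUsage);
        X509Certificate inter = issue(rootDn, rootKp.getPrivate(), interDn, interKp.getPublic(), true, caUsage);
        X509Certificate server = issue(interDn, interKp.getPrivate(), serverDn, serverKp.getPublic(),
                false, KeyUsage.digitalSignature | KeyUsage.keyEncipherment);

        // verify() throws if the signature does not match the issuer's public key
        root.verify(root.getPublicKey());
        inter.verify(root.getPublicKey());
        server.verify(inter.getPublicKey());
        System.out.println("chain OK: " + server.getSubjectX500Principal());
    }
}
```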
 