This section describes what public key certificates and certificate chains are.
Certificate: A digitally signed statement from the issuer saying
that the public key of the subject has some specific value.
The above definition is copied from the JDK 1.3.1 documentation. It has
a couple of important terms:
"signed statement" - The certificate must be signed by the issuer with
a digital signature.
"issuer" - The person or organization who is issuing this certificate.
"public key" - The public key of a key pair selected by the subject.
"subject" - The person or organization who owns the public key.
X.509 Certificate - A certificate written in the X.509 standard format.
The X.509 standard was introduced in 1988. It requires a certificate to have
the following information:
Version - X.509 standard version number.
Serial Number - A sequence number given to each certificate.
Signature Algorithm Identifier - Name of the algorithm used
by the issuer to sign this certificate.
Issuer Name - Name of the issuer.
Validity Period - Period during which this certificate is valid.
Subject Name - Name of the owner of the public key.
Subject Public Key Information - The public key and its related information.
How can you get a certificate for your own public key?
Requesting it from a Certificate Authority (CA), like VeriSign, Thawte or Entrust.
Doing it yourself - using tools like JDK "keytool" to generate a self-signed certificate.
Certificate Chain: A series of certificates in which one certificate signs the
public key of the issuer of the next certificate. Usually the top certificate
(the first certificate) is self-signed, meaning the issuer signed its own public key.
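
The chain check described above, as an added example that is not part of the original page: a simplified Python model that uses textbook RSA with small constructed primes in place of real X.509 encoding and signature algorithms. All names (`Cert`, `make_key`, `issue`, `verify_chain`, `build_sample_chain`) and all sample values are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Cert:                      # hypothetical model, not real X.509 encoding
    subject: str
    issuer: str
    not_before: int              # validity period, in years for brevity
    not_after: int
    public_key: tuple            # toy RSA public key (n, e)
    signature: int = 0

def make_key(p, q, e=65537):     # textbook RSA: returns (public, private)
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(cert, n):
    """Hash every field except the signature, reduced below the modulus."""
    fields = (cert.subject, cert.issuer, cert.not_before, cert.not_after, cert.public_key)
    return int.from_bytes(hashlib.sha256(repr(fields).encode()).digest(), "big") % n

def issue(subject, issuer, years, subject_pub, issuer_priv):
    """The issuer signs a statement binding the subject name to its public key."""
    cert = Cert(subject, issuer, years[0], years[1], subject_pub)
    n, d = issuer_priv
    cert.signature = pow(digest(cert, n), d, n)
    return cert

def signed_by(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.signature, e, n) == digest(cert, n)

def verify_chain(chain, year):
    """chain[0] is the self-signed top certificate; each one vouches for the next."""
    if not chain:
        return False
    for parent, child in zip(chain[:1] + chain, chain):  # the top cert is its own parent
        if child.issuer != parent.subject or not signed_by(child, parent.public_key):
            return False
    return all(c.not_before <= year <= c.not_after for c in chain)

def build_sample_chain():
    """Constructed sample: Mersenne primes, far too small for real use."""
    root_pub, root_priv = make_key(2**61 - 1, 2**89 - 1)
    ca_pub, ca_priv = make_key(2**107 - 1, 2**127 - 1)
    leaf_pub, _ = make_key(2**19 - 1, 2**31 - 1)
    return [issue("Root CA", "Root CA", (2000, 2010), root_pub, root_priv),
            issue("Intermediate CA", "Root CA", (2001, 2005), ca_pub, root_priv),
            issue("www.example.com", "Intermediate CA", (2001, 2003), leaf_pub, ca_priv)]
```

Changing any signed field of a certificate after it is issued, or presenting the chain without its self-signed top certificate, makes `verify_chain` return `False`.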