Java Tools Tutorials - Herong's Tutorial Notes - Version 5.32, by Dr. Herong Yang

Java Tools Tutorials - Herong's Tutorial Notes

∟'keytool' - Public Key Certificate Tool

∟Certificates and Certificate Chains

Certificate: A digitally signed statement from the issuer saying that the public key of the subject has some specific value.

The above definition is copied from the JDK documentation. It has a couple of important terms:

• "signed statement" - The certificate must be signed by the issuer with a digital signature.
• "issuer" - The person or organization who is issuing this certificate.
• "public key" - The public key of a key pair selected by the subject.
• "subject" - The person or organization who owns the public key.

X.509 Certificate - A certificate written in X.509 standard format. X.509 standard was introduction in 1988. It requires a certificate to have the following information:

• Version - X.509 standard version number.
• Serial Number - A sequence number given to each certificate.
• Signature Algorithm Identifier - Name of the algorithm used to sign this certificate by the issuer
• Issuer Name - Name of the issuer.
• Validity Period - Period during which this certificate is valid.
• Subject Name - Name of the owner of the public key.
• Subject Public Key Information - The public key and its related information.

How can you get a certificate for your own public key?

• Requesting it from a Certificate Authority (CA), like VeriSign, Thawte or Entrust.
• Doing it yourself - using tools like JDK "keytool" to generate a self-signed certificate.

Certificate Chain: A series of certificates that one certificate signs the public key of the issuer of the next certificate. Usually the top certificate (the first certificate) is self-signed, where issuer signed its own public key.

Last update: 2015.

Table of Contents

 About This Book

 Java Tools Terminology

 Installing Java 8 on Windows

 'javac' - The Java Program Compiler

 'java' - The Java Program Launcher

 'jdb' - The Java Debugger

 'jconsole' - Java Monitoring and Management Console

 'jstat' - JVM Statistics Monitoring Tool

 JVM Troubleshooting Tools

 jvisualvm (Java VisualVM) - JVM Visual Tool

 'jar' - The JAR File Tool

 'javap' - The Java Class File Disassembler

►'keytool' - Public Key Certificate Tool

►Certificates and Certificate Chains

 'keystore' - Public Key Certificate Storage File

 JDK 1.5 'keytool' - keystore File Management Commands

 JDK 1.6 'keytool' - keystore File Management Commands

 Generating Key Pairs and Self-Signed Certificates

 Exporting and Import Certificates

 Cloning Certificates with New Identities

 'native2ascii' - Native-to-ASCII Encoding Converter

 Outdated Tutorials

 References

 PDF Printing Version

Certificates and Certificate Chains - Updated in 2017, by Dr. Herong Yang