Re: Query : Usage of Certificates

Jan Luehe (luehe@laguna.eng.sun.com)
Wed, 5 Aug 1998 10:07:58 -0700 (PDT)

Date: Wed, 5 Aug 1998 10:07:58 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: Query : Usage of Certificates
To: java-security@java.Sun.COM, vgoenka@novell.com

Vishal:

> The CertificateFactory in JDK1.2b4 as well as X509Certificate class allows
methods to read a certificate from their encoding (from a byte[] or an
inputstream), but doesn't provide interfaces to generate a certificate. How does
one create an x509 certificate for example, starting with the public key to be
certified, filling up attribute values for various x509Certificate attributes,
and finally signing it using a signer?

Currently, the only way to generate a certificate is by using
keytool, which stores the generated certificate in your keystore
(from where you can retrieve it using either keytool or
the java.security.KeyStore API methods).

We may be providing certificate creation methods in a
separate extension package.
We decided not to provide that functionality in the JDK core,
because we felt that supplying just certificate creation
API methods without support for the underlying (CA) infrastructure
was not sufficient.

Jan