Package com.unboundid.util.ssl.cert
This package provides a number of classes that can be used to parse X.509
certificates, PKCS #8 private keys, PKCS #10 certificate signing requests,
and other related entities.
This package also provides the ManageCertificates class, which implements
the manage-certificates command-line tool. The tool supports several
certificate-related and key-related functions, including:
- Listing the contents of a JKS or PKCS #12 keystore.
- Exporting certificates and private keys from a JKS or PKCS #12 keystore to PEM or DER files.
- Importing certificates and private keys from PEM or DER files into a JKS or PKCS #12 keystore.
- Removing certificates and private keys from a JKS or PKCS #12 keystore.
- Generating self-signed certificates in a JKS or PKCS #12 keystore.
- Generating certificate signing requests (CSRs) from a key in a JKS or PKCS #12 keystore (creating a new key if necessary).
- Signing certificate signing requests using a certificate in a JKS or PKCS #12 keystore.
- Changing the alias of a certificate or key in a JKS or PKCS #12 keystore.
- Connecting to a server, initiating TLS negotiation, capturing the certificate chain presented during that negotiation process, and importing the chain into a JKS or PKCS #12 keystore so that it can be used as a trust store for TLS clients.
- Validating the suitability of a specified certificate in a JKS or PKCS #12 keystore for use as a TLS server certificate.
- Decoding and printing a set of PEM-formatted or DER-formatted certificates contained in a specified file.
- Decoding and printing a PEM-formatted or DER-formatted certificate signing request contained in a specified file.

Class Summary

| Class | Description |
|---|---|
| AuthorityKeyIdentifierExtension | This class provides an implementation of the authority key identifier X.509 certificate extension as described in RFC 5280 section 4.2.1.1. |
| BasicConstraintsExtension | This class provides an implementation of the basic constraints X.509 certificate extension as described in RFC 5280 section 4.2.1.9. |
| CRLDistributionPoint | This class implements a data structure that provides information about a CRL distribution point for use in conjunction with the CRLDistributionPointsExtension. |
| CRLDistributionPointsExtension | This class provides an implementation of the CRL distribution points X.509 certificate extension as described in RFC 5280 section 4.2.1.13. |
| DecodedPrivateKey | This class defines the parent class for a decoded private key that may appear in a PKCS #8 private key object. |
| DecodedPublicKey | This class defines the parent class for a decoded public key that may appear in an X.509 certificate. |
| EllipticCurvePrivateKey | This class provides a data structure for representing the information contained in an elliptic curve private key. |
| EllipticCurvePublicKey | This class provides a data structure for representing the information contained in an elliptic curve public key in an X.509 certificate. |
| ExtendedKeyUsageExtension | This class provides an implementation of the extended key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.12. |
| GeneralAlternativeNameExtension | This class provides support for decoding the values of the SubjectAlternativeNameExtension and IssuerAlternativeNameExtension extensions as described in RFC 5280 sections 4.2.1.6 and 4.2.1.7. |
| GeneralNames | This class provides a data structure that represents a GeneralNames element that may appear in a number of X.509 certificate extensions, including SubjectAlternativeNameExtension, IssuerAlternativeNameExtension, AuthorityKeyIdentifierExtension, and CRLDistributionPointsExtension. |
| IssuerAlternativeNameExtension | This class provides an implementation of the issuer alternative name X.509 certificate extension as described in RFC 5280 section 4.2.1.7. |
| KeyUsageExtension | This class provides an implementation of the key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.3. |
| ManageCertificates | This class provides a tool that can be used to manage X.509 certificates for use in TLS communication. |
| PKCS10CertificateSigningRequest | This class provides support for decoding a PKCS #10 certificate signing request (aka certification request or CSR) as defined in RFC 2986. |
| PKCS8PEMFileReader | This class provides a mechanism for reading a PEM-encoded PKCS #8 private key from a specified file. |
| PKCS8PrivateKey | This class provides support for decoding an X.509 private key encoded in the PKCS #8 format as defined in RFC 5958. |
| RSAPrivateKey | This class provides a data structure for representing the information contained in an RSA private key. |
| RSAPublicKey | This class provides a data structure for representing the information contained in an RSA public key in an X.509 certificate. |
| SubjectAlternativeNameExtension | This class provides an implementation of the subject alternative name X.509 certificate extension as described in RFC 5280 section 4.2.1.6. |
| SubjectKeyIdentifierExtension | This class provides an implementation of the subject key identifier X.509 certificate extension as described in RFC 5280 section 4.2.1.2. |
| X509Certificate | This class provides support for decoding an X.509 certificate as defined in RFC 5280. |
| X509CertificateExtension | This class represents a data structure that holds information about an X.509 certificate extension. |
| X509PEMFileReader | This class provides a mechanism for reading PEM-encoded X.509 certificates from a specified file. |

Enum Summary

| Enum | Description |
|---|---|
| CRLDistributionPointRevocationReason | This enum defines a set of reasons for which a CRL distribution point may revoke a certificate. |
| ExtendedKeyUsageID | This enum defines a set of OIDs that are known to be used in the ExtendedKeyUsageExtension. |
| NamedCurve | This enum defines a set of OIDs that are known to be associated with elliptic curve keys. |
| PKCS10CertificateSigningRequestVersion | This enum defines a set of supported PKCS #10 certificate signing request versions. |
| PKCS8PrivateKeyVersion | This enum defines a set of supported PKCS #8 private key versions. |
| PublicKeyAlgorithmIdentifier | This enum defines a set of public key algorithm names and OIDs. |
| RSAPrivateKeyVersion | This enum defines a set of supported RSA private key versions. |
| SignatureAlgorithmIdentifier | This enum defines a set of algorithm names and OIDs. |
| X509CertificateVersion | This enum defines a set of supported X.509 certificate versions. |

Exception Summary

| Exception | Description |
|---|---|
| CertException | This class defines an exception that can be thrown if a problem is encountered while performing certificate processing. |