Package com.unboundid.util.ssl.cert
This package provides a number of classes that can be used to parse X.509
certificates, PKCS #8 private keys, PKCS #10 certificate signing requests,
and other related entities.
This package also provides the ManageCertificates class, which implements a
manage-certificates command-line tool that provides support for several
certificate-related and key-related functions, including:
- Listing the contents of a JKS or PKCS #12 keystore.
- Exporting certificates and private keys from a JKS or PKCS #12 keystore to PEM or DER files.
- Importing certificates and private keys from PEM or DER files into a JKS or PKCS #12 keystore.
- Removing certificates and private keys from a JKS or PKCS #12 keystore.
- Generating self-signed certificates in a JKS or PKCS #12 keystore.
- Generating certificate signing requests (CSRs) from a key in a JKS or PKCS #12 keystore (creating a new key if necessary).
- Signing certificate signing requests using a certificate in a JKS or PKCS #12 keystore.
- Changing the alias of a certificate or key in a JKS or PKCS #12 keystore.
- Connecting to a server, initiating TLS negotiation, capturing the certificate chain presented during that negotiation process, and importing the chain into a JKS or PKCS #12 keystore so that it can be used as a trust store for TLS clients.
- Validating the suitability of a specified certificate in a JKS or PKCS #12 keystore for use as a TLS server certificate.
- Decoding and printing a set of PEM-formatted or DER-formatted certificates contained in a specified file.
- Decoding and printing a PEM-formatted or DER-formatted certificate signing request contained in a specified file.
Class Description
- This class provides an implementation of the authority key identifier X.509 certificate extension as described in RFC 5280 section 4.2.1.1.
- This class provides an implementation of the basic constraints X.509 certificate extension as described in RFC 5280 section 4.2.1.9.
- This class defines an exception that can be thrown if a problem is encountered while performing certificate processing.
- This class implements a data structure that provides information about a CRL distribution point for use in conjunction with the CRLDistributionPointsExtension.
- This enum defines a set of reasons for which a CRL distribution point may revoke a certificate.
- This class provides an implementation of the CRL distribution points X.509 certificate extension as described in RFC 5280 section 4.2.1.13.
- This class defines the parent class for a decoded private key that may appear in a PKCS #8 private key object.
- This class defines the parent class for a decoded public key that may appear in an X.509 certificate.
- This class provides a data structure for representing the information contained in an elliptic curve private key.
- This class provides a data structure for representing the information contained in an elliptic curve public key in an X.509 certificate.
- This class provides an implementation of the extended key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.12.
- This enum defines a set of OIDs that are known to be used in the ExtendedKeyUsageExtension.
- This class provides support for decoding the values of the SubjectAlternativeNameExtension and IssuerAlternativeNameExtension extensions as described in RFC 5280 sections 4.2.1.6 and 4.2.1.7.
- This class provides a data structure that represents a GeneralNames element that may appear in a number of X.509 certificate extensions, including SubjectAlternativeNameExtension, IssuerAlternativeNameExtension, AuthorityKeyIdentifierExtension, and CRLDistributionPointsExtension.
- This class provides an implementation of the issuer alternative name X.509 certificate extension as described in RFC 5280 section 4.2.1.7.
- This class provides an implementation of the key usage X.509 certificate extension as described in RFC 5280 section 4.2.1.3.
- This class provides a tool that can be used to manage X.509 certificates for use in TLS communication.
- This enum defines a set of OIDs that are known to be associated with elliptic curve keys.
- This class provides support for decoding a PKCS #10 certificate signing request (aka certification request or CSR) as defined in RFC 2986.
- This enum defines a set of supported PKCS #10 certificate signing request versions.
- This enum defines a set of OIDs and algorithm names for password-based cryptography as described in the PKCS #5 specification defined in RFC 8018.
- This class provides a set of utility methods for interacting with encrypted PKCS #8 private keys.
- This class defines a set of properties that may be used when encrypting a PKCS #8 private key.
- This class provides a mechanism for reading a PEM-encoded PKCS #8 private key from a specified file.
- This class provides support for decoding an X.509 private key encoded in the PKCS #8 format as defined in RFC 5958.
- This enum defines a set of supported PKCS #8 private key versions.
- This enum defines a set of public key algorithm names and OIDs.
- This class provides a data structure for representing the information contained in an RSA private key.
- This enum defines a set of supported RSA private key versions.
- This class provides a data structure for representing the information contained in an RSA public key in an X.509 certificate.
- This enum defines a set of algorithm names and OIDs.
- This class provides an implementation of the subject alternative name X.509 certificate extension as described in RFC 5280 section 4.2.1.6.
- This class provides an implementation of the subject key identifier X.509 certificate extension as described in RFC 5280 section 4.2.1.2.
- This class provides support for decoding an X.509 certificate as defined in RFC 5280.
- This class represents a data structure that holds information about an X.509 certificate extension.
- This enum defines a set of supported X.509 certificate versions.
- This class provides a mechanism for reading PEM-encoded X.509 certificates from a specified file.