Tuesday, December 25, 2012

Read data from SSL X.509 Certificates

According to X.509, you can create certificates with either RSA or DSA key pairs. However, only RSA key pairs are capable of exchanging keys when starting a new SSL connection with an SSL server, so you can only use RSA key pairs for your server certificates. CAs, on the other hand, do not have to exchange keys; they only issue other certificates, so you can use either an RSA or a DSA key pair for a CA. Some SSL programs, however, do not support the DSA algorithm yet.

Sometimes you need to check a certificate's validity dates on a server. In Java this is simple:

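import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;

// Load the certificate file and print its validity window; the stream is closed automatically.
try (FileInputStream certFileInputStream = new FileInputStream("/home/vasif/handysofts.com.crt")) {
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certFileInputStream);
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); // HH = 24-hour clock; hh would print 1 PM as 01
    String validEndDate = sdf.format(cert.getNotAfter());
    String validBeginDate = sdf.format(cert.getNotBefore());
    System.out.println("Valid From " + validBeginDate + " to " + validEndDate);
}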
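
The following standalone class is an added example, not part of the original post. It goes beyond the snippet above by also reporting each certificate's public key algorithm (the RSA/DSA distinction discussed earlier) and by flagging certificates that are expired, not yet valid, or close to expiry. The class name `CertValidityReport` and the 30-day `WARN_DAYS` threshold are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.time.*;
import java.util.Date;
import javax.net.ssl.*;

public class CertValidityReport {
    static final int WARN_DAYS = 30; // assumed renewal threshold; adjust to your policy
    // Classify the validity window relative to "now".
    static String status(X509Certificate cert, Instant now) {
        try {
            cert.checkValidity(Date.from(now));
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT YET VALID";
        }
        long daysLeft = Duration.between(now, cert.getNotAfter().toInstant()).toDays();
        return daysLeft <= WARN_DAYS ? "EXPIRES IN " + daysLeft + " DAYS" : "OK, " + daysLeft + " days left";
    }

    // One line per certificate: status, key algorithm (RSA, DSA, EC, ...), validity window in UTC, subject.
    static void report(X509Certificate cert, Instant now) {
        System.out.printf("%-22s %-4s %s -> %s  %s%n", status(cert, now), cert.getPublicKey().getAlgorithm(),
                cert.getNotBefore().toInstant(), cert.getNotAfter().toInstant(), cert.getSubjectX500Principal().getName());
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.now();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (String path : args) { // certificate files (PEM or DER) named on the command line
            try (InputStream in = new FileInputStream(path)) {
                report((X509Certificate) cf.generateCertificate(in), now);
            }
        }
        if (args.length > 0) return;
        // No arguments: report on the CA certificates in the JDK's default trust store (no network needed).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                report(ca, now);
            }
        }
    }
}
```

Run it with one or more certificate file paths as arguments to check those files, or with no arguments to list the CAs your JDK currently trusts.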
