x509 certificates in a few links

Certificates were always a bit of a fleeting mystery to me. I always wanted to know more about them and never found the time. A few weeks back I finally kicked myself and spent one day with certificates, signatures, signing and all that jazz. Here is a list of excellent sources.

An excellent introduction to certificates can be found, surprisingly, on the Oracle documentation website for the keytool application, under the section on certificates:


It contains definitions of elementary terms along with good explanations. It also shows how the operations can be done using keytool, a command-line utility for managing keys and key stores. Keytool is nice, but it's a little cumbersome to use. Replace it with the excellent GUI application Keystore Explorer:


In its basic installation package, Java does not allow creating or handling keys of larger lengths through the Java cryptography API. You need to install a patch:


Keystore Explorer guides you through installing this patch step by step in a nice interactive drag-and-drop style.

Simple important things to remember:

  • A certificate is an implementation of a digital signature. It consists of a private key, which is used to sign messages, and a public key, which is used to verify the signature.
  • The signature in an x509 certificate is represented by a DN (distinguished name).
  • Certificates can be issued (signed) by a third party (certificate authority).
  • A certificate can also be self-signed (Issuer DN = Certificate DN). How to validate a self-signed certificate:
    • Generate a self-signed certificate.
    • Export the certificate's public key. Send it to the recipient.
    • Generate a message and sign it with your private key.
    • Send the message to the recipient.
    • The recipient verifies the signature with the public key.
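
The self-signed round trip listed above, as an added example that is not from the original post: it uses the openssl command line in place of keytool (assumed to be installed), and the file names, subject DN and messages are constructed. The fingerprint step is an addition: with no certificate authority involved, the recipient has to compare it with the sender over a separate channel before trusting the exported key.

```shell
#!/bin/sh
# Added example: self-signed certificate round trip with the openssl CLI.
# File names, subject DN and message text are constructed for illustration.
WORK=$(mktemp -d)

# Step 1 (sender): key pair plus self-signed certificate. The private key
# file never leaves the sender; only the certificate is shared.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=demo-sender/O=Example" \
        -keyout "$WORK/sender.key" -out "$WORK/sender.crt" 2>/dev/null
}

# Self-signed means Issuer DN == Subject DN.
is_self_signed() {
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ "$issuer" = "$subject" ]
}

# Step 2: export only the public key from the certificate.
export_public_key() { openssl x509 -in "$1" -pubkey -noout > "$2"; }

# Step 3 (sender): sign. Arguments: private key, message, signature output.
sign_message() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# Step 5 (recipient): verify. Arguments: public key, message, signature.
verify_message() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# SHA-256 fingerprint, to be compared out of band before trusting the key.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

make_self_signed
is_self_signed "$WORK/sender.crt" && echo "issuer DN equals subject DN"
echo "fingerprint: $(fingerprint "$WORK/sender.crt")"
export_public_key "$WORK/sender.crt" "$WORK/sender.pub"
printf 'release build 42 approved\n' > "$WORK/msg.txt"
sign_message "$WORK/sender.key" "$WORK/msg.txt" "$WORK/msg.sig"
verify_message "$WORK/sender.pub" "$WORK/msg.txt" "$WORK/msg.sig" \
    && echo "signature valid"
# A modified message must fail verification against the same signature.
printf 'release build 43 approved\n' > "$WORK/tampered.txt"
verify_message "$WORK/sender.pub" "$WORK/tampered.txt" "$WORK/msg.sig" \
    || echo "tampered message rejected"
```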