Construct secure networked applications with certificates, Part 4

Authenticate clients and servers, and verify certificate chains

1 2 Page 2
Page 2 of 2

Future directions

Earlier I mentioned that certificate verification is a lengthy process, and that implementers are prone to making mistakes. Luckily, help is on the way. Java Specification Request #55, Certification Path API, lead by Sean Mullen of Sun, will provide a general purpose API for completing X.509 certification path (or chain) verification according to the emerging PKIX standards. If carried out correctly, it will greatly simplify the process of certificate verification.

Conclusion

This article wraps up my coverage of X.509 certificate support in Java. You should now have the tools and understanding necessary to build your own applications using X.509 technology. It should be clear from the section on certificate validation above that you have only explored the tip of the iceberg; you can proceed in any number of directions to deepen your understanding. For the novice, I recommend learning more about existing technologies that use X.509 -- such as SSL. That path will offer you the greatest practical understanding of the material.

Todd Sundsted has been writing programs since computers became available in desktop models. Though originally interested in building distributed applications in C++, Todd moved on to the Java programming language when it became the obvious choice for that sort of thing. In addition to writing, Todd is cofounder and chief architect of PointFire.

Learn more about this topic

1 2 Page 2
Page 2 of 2