Java validating a certificate Black bulls dating site
The PKIX standards define an algorithm for validating certification paths consisting of X.509 certificates.
Often a user may not have a certification path from a most-trusted CA to the subject.
Helpful comments and advice were received from many in the technical community, especially Mary Dageforde, Edward Dobner, Tom Gindin, Jan Luehe, David Kuehr-Mc Laren, Parag Salvi, Alexei Semidetnov, and Yanni Zhang.
This document is intended for two classes of experienced developers: Users of public key applications and systems must be confident that a subject's public key is genuine, i.e., that the associated private key is owned by the subject.
Providing services to build or discover certification paths is an important feature of public key enabled systems.
RFC 2587 defines an LDAP (Lightweight Directory Access Protocol) schema definition which facilitates the discovery of X.509 certification paths using the LDAP directory service protocol.
This logic can be applied recursively, until a chain of certificates (or a certification path) is discovered from a general, a certification path is an ordered list of certificates, usually comprised of the end-entity's public key certificate and zero or more additional certificates.
A certification path typically has one or more encodings, allowing it to be safely transmitted across networks and to different operating system architectures.
The author would like to thank the individuals who contributed to the Certification Path API and provided useful comments and technical advice.We shall use the term CA to refer to an entity that signs a certificate for the remainder of this section.