IP*Works! SSH V9 - Online Help
IP*Works! SSH V9
Questions / Feedback?

Certificate Type

The digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

EffectiveDate
String

The date which this certificate becomes valid. Prior to this it is not valid. The following is an example of an encoded date illustrating the format:

23-Jan-2000 15:00:00.

Encoded
String

The certificate (PEM/base64 encoded). This field is used to assign a specific certificate for client authentication (server authentication in the case of Daemon beans). The Store and Subject fields may also be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate, otherwise Subject is set to empty string.

EncodedB
byte []

The certificate (PEM/base64 encoded). This field is used to assign a specific certificate for client authentication (server authentication in the case of Daemon beans). The Store and Subject fields may also be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate, otherwise Subject is set to empty string.

ExpirationDate
String

The date the certificate expires. Dates following this date, the certificate will no longer be valid. The following is an example of an encoded date illustrating the format:

23-Jan-2001 15:00:00.

ExtendedKeyUsage
String

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 Object-Identifiers (OIDs).

Fingerprint
String

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

This is in the form:

bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

Issuer
String

The issuer of the certificate. This field contains a string representation of the name of the issuing authority for the certificate.

KeyPassword
String

The password for the certificate's private key (if any).

Some certificate stores may individually protect certificates' private keys, separate from the standard protection offered by the StorePassword. KeyPassword. This can be used to read such password-protected private keys.

Note: this property defaults to the value of StorePassword. To clear it, you must set the property to the empty string (""). It can be set at any time, but must be set before calling PrivateKey when the private key's password is different from the store's.

PrivateKey
String

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The PrivateKey may be available, but not exportable. In this case, PrivateKey returns an empty string.

PrivateKeyAvailable
boolean

Shows whether a PrivateKey is available for the selected certificate. If PrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g. server authentication).

PrivateKeyContainer
String

The name of the PrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.

PublicKey
String

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

PublicKeyAlgorithm
String

Textual description of the public key algorithm of the certificate. The property contains either the name of the algorithm (such as "RSA" or "RSA_DH"), or an object identifier (OID) string representing the algorithm.

PublicKeyLength
int

The length of the certificate public key (in bits). Common values are 512, 1024, and 2048.

SerialNumber
String

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, each two of them representing a byte of the serial number.

SignatureAlgorithm
String

Text description of the signature algorithm of the certificate. The property contains either the name of the algorithm (such as "RSA" or "RSA_MD5RSA"), or an object identifier (OID) string representing the algorithm.

Store
String

The name of the certificate store for the client certificate.

The StoreType field specifies the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject field in order to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please refer to the Subject field for details.

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:

MYA certificate store holding personal certificates with their associated private keys.
CACertifying authority certificates.
ROOTRoot certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file.

StoreB
byte []

The name of the certificate store for the client certificate.

The StoreType field specifies the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject field in order to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please refer to the Subject field for details.

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:

MYA certificate store holding personal certificates with their associated private keys.
CACertifying authority certificates.
ROOTRoot certificates.

In Java, the certificate store normally is a file containing certificates and optional private keys.

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

If the provider is OpenSSL, the certificate store is a file containing a certificate and a private key. This property must be set to the name of the file.

StorePassword
String

If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.

StoreType
int

The type of certificate store for this certificate.

This property can take one of the following values:

0 (cstUser - default)For Windows, this specifies that the certificate store is a certificate store owned by the current user. Note: this store type is not available in Java.
1 (cstMachine)For Windows, this specifies that the certificate store is a machine store. Note: this store type is not available in Java.
2 (cstPFXFile)The certificate store is the name of a PFX (PKCS12) file containing certificates.
3 (cstPFXBlob)The certificate store is a string (binary or base64-encoded) representing a certificate store in PFX (PKCS12) format.
4 (cstJKSFile)The certificate store is the name of a Java Key Store (JKS) file containing certificates. Note: this store type is only available in Java.
5 (cstJKSBlob)The certificate store is a string (binary or base64-encoded) representing a certificate store in Java Key Store (JKS) format. Note: this store type is only available in Java.
6 (cstPEMKeyFile)The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate.
7 (cstPEMKeyBlob)The certificate store is a string (binary or base64-encoded) that contains a private key and an optional certificate.
8 (cstPublicKeyFile)The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate.
9 (cstPublicKeyBlob)The certificate store is a string (binary or base64-encoded) that contains a PEM- or DER-encoded public key certificate.
10 (cstSSHPublicKeyBlob)The certificate store is a string (binary or base64-encoded) that contains an SSH-style public key.
11 (cstP7BFile)The certificate store is the name of a PKCS7 file containing certificates.
12 (cstP7BBlob)The certificate store is a string (binary) representing a certificate store in PKCS7 format.
13 (cstSSHPublicKeyFile)The certificate store is the name of a file that contains an SSH-style public key.
14 (cstPPKFile)The certificate store is the name of a file that contains a PPK (PuTTY Private Key).
15 (cstPPKBlob)The certificate store is a string (binary) that contains a PPK (PuTTY Private Key).
16 (cstXMLFile)The certificate store is the name of a file that contains a certificate in XML format.
17 (cstXMLBlob)The certificate store is a string that contains a certificate in XML format.

Subject
String

The subject of the certificate used for client authentication.

This field will be populated with the full subject of the loaded certificate. When loading a certificate the subject is used to locate the certificate in the store.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.

FieldMeaning
CNCommon Name. This is commonly a host name like www.server.com.
OOrganization
OUOrganizational Unit
LLocality
SState
CCountry
EEmail Address

If a field value contains a comma it must be quoted.

SubjectAltNames
String

A comma-separated lists of alternative subject names of the certificate.

ThumbprintMD5
String

MD5 hash of the certificate. If the hash does not already exist, it is computed.

ThumbprintSHA1
String

SHA1 hash of the certificate. If the hash does not already exist, it is computed.

Usage
String

Text description of UsageFlags.

The value will be of one or more of the following strings, separated by commas:

  • Digital Signatures
  • Key Authentication
  • Key Encryption
  • Data Encryption
  • Key Agreement
  • Certificate Signing
  • Key Signing

If the provider is OpenSSL, the value is a comma separated list of X509 certificate extension names.

UsageFlags
int

Flags that show intended use for the certificate. The value of UsageFlags is a combination of the following flags:

0x80Digital Signatures
0x40Key Authentication
0x20Key Encryption
0x10Data Encryption
0x08Key Agreement
0x04Certificate Signing
0x02Key Signing

Please refer to the Usage field for a text representation of UsageFlags.

This functionality is currently not available when the provider is OpenSSL.

Version
String

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

Constructors

public Certificate();

Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.

public Certificate(String certificateFile);

Opens CertificateFile and reads out the contents as an X509 public key.

public Certificate(byte [] certificateData);

Parses CertificateData as an X509 public key.

public Certificate(int certStoreType, String store, String storePassword, String subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the constructor will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate(int certStoreType, String store, String storePassword, byte [] encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the constructor will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

public Certificate(int certStoreType, byte [] storeBlob, String storePassword, String subject);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the constructor will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).

public Certificate(int certStoreType, byte [] storeBlob, String storePassword, byte [] encoded);

CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the constructor will load Encoded as an X509 certificate and search the opened store for a corresponding private key.

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
Build 9.0.6240.0