Certificate Type
The digital certificate being used.
Remarks
This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.
Fields
EffectiveDate String
The date on which this certificate becomes valid. Prior to this date, it is not valid. The following is an example of an encoded date illustrating the format: 23-Jan-2000 15:00:00.
Encoded String
The certificate (PEM/base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields may also be used to specify a certificate. When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise Subject is set to an empty string.
EncodedB byte[]
The certificate (PEM/base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields may also be used to specify a certificate. When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise Subject is set to an empty string.
ExpirationDate String
The date the certificate expires. After this date, the certificate will no longer be valid. The following is an example of an encoded date illustrating the format: 23-Jan-2001 15:00:00.
ExtendedKeyUsage String
A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 Object-Identifiers (OIDs).
Fingerprint String
The hex-encoded, 16-byte MD5 fingerprint of the certificate. This is in the form:
bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02
Issuer String
The issuer of the certificate. This field contains a string representation of the name of the issuing authority for the certificate.
KeyPassword String
The password for the certificate's private key (if any). Some certificate stores may individually protect certificates' private keys, separate from the standard protection offered by the StorePassword. KeyPassword can be used to read such password-protected private keys. Note: this property defaults to the value of StorePassword. To clear it, you must set the property to the empty string (""). It can be set at any time, but must be set before calling PrivateKey when the private key's password is different from the store's.
PrivateKey String
The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data. Note: The PrivateKey may be available, but not exportable. In this case, PrivateKey returns an empty string.
PrivateKeyAvailable boolean
Shows whether a PrivateKey is available for the selected certificate. If PrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g. server authentication).
PrivateKeyContainer String
The name of the PrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.
PublicKey String
The public key of the certificate. The key is provided as PEM/Base64-encoded data.
PublicKeyAlgorithm String
Textual description of the public key algorithm of the certificate. The property contains either the name of the algorithm (such as "RSA" or "RSA_DH"), or an object identifier (OID) string representing the algorithm.
PublicKeyLength int
The length of the certificate public key (in bits). Common values are 512, 1024, and 2048.
SerialNumber String
The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, each two of them representing a byte of the serial number.
SignatureAlgorithm String
Text description of the signature algorithm of the certificate. The property contains either the name of the algorithm (such as "RSA" or "RSA_MD5RSA"), or an object identifier (OID) string representing the algorithm.
Store String
The name of the certificate store for the client certificate. The StoreType field specifies the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword. Store is used in conjunction with the Subject field in order to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please refer to the Subject field for details. Designations of certificate stores are platform-dependent. The following are designations of the most common User and Machine certificate stores in Windows:
In Java, the certificate store normally is a file containing certificates and optional private keys. When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
StoreB byte[]
The name of the certificate store for the client certificate. The StoreType field specifies the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword. Store is used in conjunction with the Subject field in order to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please refer to the Subject field for details. Designations of certificate stores are platform-dependent. The following are designations of the most common User and Machine certificate stores in Windows:
In Java, the certificate store normally is a file containing certificates and optional private keys. When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).
StorePassword String
If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
StoreType int
The type of certificate store for this certificate. The component supports both public and private keys in a variety of formats. When the cstAuto value is used the component will automatically determine the type. This field can take one of the following values:
Subject String
The subject of the certificate used for client authentication. This field will be populated with the full subject of the loaded certificate. When loading a certificate, the subject is used to locate the certificate in the store. If an exact match is not found, the store is searched for subjects containing the value of the property. If a match is still not found, the property is set to an empty string, and no certificate is selected. The special value "*" picks a random certificate in the certificate store. The certificate subject is a comma-separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.
If a field value contains a comma it must be quoted.
SubjectAltNames String
A comma-separated list of alternative subject names of the certificate.
ThumbprintMD5 String
MD5 hash of the certificate. If the hash does not already exist, it is computed.
ThumbprintSHA1 String
SHA1 hash of the certificate. If the hash does not already exist, it is computed.
ThumbprintSHA256 String
SHA256 hash of the certificate. If the hash does not already exist, it is computed.
Usage String
Text description of UsageFlags. The value will be of one or more of the following strings, separated by commas:
If the provider is OpenSSL, the value is a comma separated list of X509 certificate extension names.
UsageFlags int
Flags that show intended use for the certificate. The value of UsageFlags is a combination of the following flags:
Please refer to the Usage field for a text representation of UsageFlags. This functionality is currently not available when the provider is OpenSSL.
Version String
The certificate's version number. The possible values are the strings "V1", "V2", and "V3".
Constructors
public Certificate();
Creates a Certificate instance whose properties can be set. This is useful for use with CERTMGR when generating new certificates.
public Certificate(String certificateFile);
Opens CertificateFile and reads out the contents as an X509 public key.
public Certificate(byte[] certificateData);
Parses CertificateData as an X509 public key.
public Certificate(int certStoreType, String store, String storePassword, String subject);
CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject. This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).
public Certificate(int certStoreType, String store, String storePassword, String subject, String configurationString);
CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. ConfigurationString is a newline-separated list of name-value pairs that may be used to modify the default behavior. Possible values are:
"PersistPFXKey" - whether the PFX key is persisted after performing operations with the private key. This correlates to the PKCS12_NO_PERSIST_KEY CryptoAPI option. The default value is True (the key is persisted).
"Thumbprint" - an MD5, SHA1, or SHA256 thumbprint of the certificate to load. When specified, this value is used to select the certificate in the store. This is applicable to cstUser, cstMachine, cstPublicKeyFile, and cstPFXFile store types.
"UseInternalSecurityAPI" - whether the platform (default) or internal security API is used when performing certificate-related operations.
After the store has been successfully opened, the component will attempt to find the certificate identified by Subject. This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).
public Certificate(int certStoreType, String store, String storePassword, byte[] encoded);
CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a file containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will load Encoded as an X509 certificate and search the opened store for a corresponding private key.
public Certificate(int certStoreType, byte[] storeBlob, String storePassword, String subject);
CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject. This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).
public Certificate(int certStoreType, byte[] storeBlob, String storePassword, String subject, String configurationString);
CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. StoreBlob is a string (binary- or base64-encoded) containing the certificate data. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will attempt to find the certificate identified by Subject. This can be either a complete or a substring match of the X509 certificate's subject Distinguished Name (DN).
public Certificate(int certStoreType, byte[] storeBlob, String storePassword, byte[] encoded);
CertStoreType identifies the type of certificate store to use. See StoreType for descriptions of the different certificate stores. Store is a string (binary- or base64-encoded) containing the certificate store. StorePassword is the password used to protect the store. After the store has been successfully opened, the component will load Encoded as an X509 certificate and search the opened store for a corresponding private key.
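The Subject field and the constructors above fall back to a substring match on the subject DN, so one selector can match more than one certificate in a store. The following added example (plain JDK, not the component's own code or API; the class and method names are hypothetical and the subjects are constructed) models that lookup order and then checks the loaded subject's CN exactly, honoring the quoted-comma rule.

```java
import java.util.*;

// Added example, plain JDK; all subjects are constructed sample values.
public class SubjectCheck {
    // Split e.g. CN=a, O="Example, Inc.", C=US into field -> value,
    // treating commas inside double quotes as data.
    static Map<String, String> parseSubject(String subject) {
        Map<String, String> fields = new LinkedHashMap<>();
        StringBuilder part = new StringBuilder();
        boolean quoted = false;
        for (char c : (subject + ",").toCharArray()) {
            if (c == '"') { quoted = !quoted; continue; }
            if (c != ',' || quoted) { part.append(c); continue; }
            int eq = part.indexOf("=");
            if (eq > 0)
                fields.put(part.substring(0, eq).trim().toUpperCase(Locale.ROOT),
                           part.substring(eq + 1).trim());
            part.setLength(0);
        }
        return fields;
    }

    // Model of the documented order: exact match first, otherwise every
    // subject containing the selector. More than one hit = ambiguous selector.
    static List<String> candidates(List<String> store, String selector) {
        List<String> hits = new ArrayList<>();
        for (String s : store) if (s.equals(selector)) hits.add(s);
        if (hits.isEmpty())
            for (String s : store) if (s.contains(selector)) hits.add(s);
        return hits;
    }

    // True only if the loaded certificate's CN is exactly the expected name.
    static boolean cnIs(String loadedSubject, String expectedCn) {
        return expectedCn.equalsIgnoreCase(parseSubject(loadedSubject).get("CN"));
    }

    public static void main(String[] args) {
        List<String> store = List.of(   // constructed store contents
            "CN=www.server.com.test, OU=test, C=US",
            "CN=www.server.com, O=\"Example, Inc.\", C=US");
        List<String> hits = candidates(store, "CN=www.server.com");
        System.out.println("candidates: " + hits.size());
        for (String s : hits)
            System.out.println(cnIs(s, "www.server.com") + "  " + s);
    }
}
```

The "Thumbprint" configuration value described above selects the certificate by its hash rather than by subject.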