Not-Yet-Commons-SSL

not-yet-commons-ssl-0.3.17 released! (March 16th, 2015)

Requires Java 1.5.x or higher.

Please see our ssl page for code examples on how to use this library.

Resources:

Design Goals: about.html
Code Examples: SSL/TLS  |  PKCS #8  |  PBE
Join Mailing List: http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/
Mailing List Archives: http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/
Downloads: https://juliusdavies.ca/commons-ssl/download.html
Checkout From Subversion: svn co https://juliusdavies.ca/svn/not-yet-commons-ssl/trunk not-yet-commons-ssl
Browse Subversion (via viewvc): https://juliusdavies.ca/svn/not-yet-commons-ssl/viewvc.cgi/not-yet-commons-ssl/
License (Apache 2.0 + BouncyCastle.org’s MIT license): LICENSE.txt

About

We’re calling this library “Not-Yet-Commons-SSL” since we have the intention of one day becoming an official Apache project. Not-Yet-Commons-SSL was originally developed by Credit Union Central of British Columbia. The webpages, releases, and code here on juliusdavies.ca have no relationship to the Apache Software Foundation, but all code is licensed under ASL 2.0.

The ASN.1 parsing code comes directly from BouncyCastle (bouncycastle.org). The PKCS12 key derivation function (for some PKCS8 version 1.5 encrypted keys) also comes from BouncyCastle. Presumably they got it from RSA’s PKCS12 specification (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf). BouncyCastle maintains copyright over all the code used, but allows us to reuse and redistribute (the BouncyCastle license is compatible with ASL 2.0). We are very thankful for their excellent code.

Not-Yet-Commons-SSL would never have happened without Oleg Kalnichevski’s excellent “contrib” example in the HttpComponents SVN repository. His AuthSSLProtocolSocketFactory.java and AuthSSLX509TrustManager.java examples were the seeds for all of this. Evil Comrade Oleg’s Javadocs on those classes were also extremely helpful. We can only hope that one day we will write Javadocs like that (hopefully by 0.7.0!).

 

What is an SSL certificate?

Having looked at digital certificates in general, let’s look at one kind in particular: what is an SSL certificate? We will see what an SSL certificate is and examine the 3 main types of SSL certificates. (Remember, SSL certificates are the ones used when you browse https sites on the Internet; see What is the difference between http and https?)

Who issues SSL certificates?

Not everyone can issue certificates; only Certificate Authorities (CAs) have the right to do so. As with identity cards, only the competent authorities are authorized to issue them.

Here are some Certificate Authority names (there are many others):

GlobalSign
Symantec
GeoTrust

Certificates can also be purchased from certificate providers. They are intermediaries between clients and certification authorities, much as car dealers allow individuals to buy cars from manufacturers.

SSL Certificates

While browsing different websites, you have probably noticed that the way addresses are displayed can change depending on the site visited. This is due to the certificates used: SSL certificates. Let’s now take a closer look at this type of certificate:

The 3 main types of SSL certificates

To simplify, we can say that there are 3 main categories of certificates:

the domain certificate
the certificate with organizational validation
the certificate with extended validation.

So what is the difference between these types of certificates?

I told you that certificates are issued by certification authorities or certificate providers, but to get one, any applicant must first prove their credentials. To obtain a certificate, certain information must be provided, and how much depends on the certificate’s level.
