Date: Tue, 15 Jun 1999 08:56:55 -0700 (PDT)
From: Jan Luehe <Jan.Luehe@eng.sun.com>
Subject: Re: Using certificates from other CAs
To: "James A. Rome" <jar@ornl.gov>
In-Reply-To: "Your message with ID" <37666F6C.BD2F2749@ornl.gov>
James:
> Maybe I am being obtuse, but all the examples seem to assume that the
> certificates will be issued by the Java key factory.
You should be able to use any certificates, regardless
of the software that generated them.
The (provider-based) certificate factory simply parses an ASN.1 encoded
certificate and returns it as a (provider-based)
Certificate object, on which you can call all the methods
defined in java.security.cert.Certificate
(and java.security.cert.X509Certificate in the case of an X.509 certificate).
> I need to be able
> to utilize user's certificates (issued by my Netscape CA) which have
> been exported to a pkcs12 file.
>
> Is there some way in Java to access these certificates and to let the
> user utilize his private key for signing things?
You need a KeyStore provider that understands PKCS#12.
The KeyStore implementation supplied by the (default) SUN provider
uses a different storage format.
You can either write your own KeyStore provider that understands
PKCS#12, or use existing providers (e.g., from www.xeti.com).
Jan