8.2. Establishing Trust with Certification Paths

As introduced in Section 8.1, a certification path is a chain of certificates from a trust anchor to the target subject, or end entity. After the first, each certificate in the chain authenticates the public key of the signer of the previous certificate in the chain. The trust anchor is usually specified by a certificate issued to a CA that the user relies on as a Trusted Third Party (TTP). Use of such a certificate implies that one trusts the entity that signed the certificate.

In general, a certification path is an ordered list of certificates, usually comprising the end entity’s public-key certificate and zero or more additional certificates. A certification path typically has one or more encodings, ...
