Dump PKCS11 Slot Info
A tool to dump PKCS#11 slot information
Enable OCSP checking
If a certificate is issued with an authority information access extension that indicates the OCSP access method and location, one can enable the default OCSP checker implementation when building or validating a certification path.
TLS and NIST's Policy on Hash Functions
Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010.
Certificates Order in TLS Handshaking
Per the TLS specification (page 39, section 7.4.2, RFC 2246), the certificate list passed in the server Certificate message or client Certificate message "is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."
RSA AlgorithmIdentifier of X.509 Certificate
There is a risk of interoperability problems between ITU-T X.509 compliant implementations and PKIX compliant implementations.
JSSE Debug Logging With Timestamp
Is there any way to enable JSSE debug logging with timestamp? Definitely, the answer is YES. It is straightforward.
Understanding Self-Issued Certificate
RFC 5280 categorizes certificates into two classes: CA certificates and end entity certificates. CA certificates are further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates.
FIPS 140 Compliant Mode for SunJSSE
The SunJSSE provider now supports an experimental FIPS 140 compliant mode. When enabled and used in combination with the SunPKCS11 provider and an appropriate FIPS 140 certified PKCS#11 token, SunJSSE is FIPS 140 compliant.
Java Security: SunJSSE and TLSAES
TLS AES ciphersuites for JSSE and the SunJSSE provider