| Author |
How to identify if X509Certificate is CA certificate ?
|
Jurica Krizanic
Greenhorn
Joined: Dec 11, 2008
Posts: 27
|
|
Hello,
I have an X509Certificate and I need to identify if it is a CA certificate or user certificarte.
Anyone knows how to do it?
Not sure if I can rely on KeyUsage parameters.
Thanks in advance!
Best regards,
Jurica Krizanic
|
Jurica Krizanic - Java developer, OCPJP!
|
 |
Jurica Krizanic
Greenhorn
Joined: Dec 11, 2008
Posts: 27
|
|
According to the research I have performed, it can be checked by checking basic constraints! Check the API of X509Certificate class for returning results of getBasicConstraints() method.
So if the method returns result != -1, a certificate can be considered as a CA certificate.
I have checked this with several CA certificates (root and intermediate), and it works as described.
I have also checked this method with several user certificates, and the method returns -1 as result.
|
|
Rishi Shah
Ranch Hand
Joined: Sep 05, 2012
Posts: 43
|
|
|
If you pass it through the default TrustManager, it should throw an exception if it is a user-signed certificate and not CA.
|
|
 |
|
|
subject: How to identify if X509Certificate is CA certificate ?
|
|
|
0
