IsCertTrusted: X.509 Certificate File Validity Check is a simple Java application which reads an X.509 V3 certificate file, reads the certificate IssuerName field and checks to see if the issuer certificate is contained in a specified Java keystore file. If a match is found, the public key of the issuer certificate is used to verify the issuer signature on the certificate. Note that this is a very basic validity check. Real implementations should also check certificate revocation via CRLs, certificate expiry, certificate extensions and restrictions etc..

Sample output:

java IsCertTrusted thawte.cer  cacerts

CN=Michel I. Gallant, OU=Secure Application Development, O=Michel I. Gallant, L=Ottawa, ST=Ontario, C=CA

IssuerName:, CN=Thawte Server CA, OU=Certification Serv
ices Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

Searching in keystore for the issuer's certificate ...
Password to keystore for integrity check: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Found matching issuer DN cert in keystore:
Checking signature on cert ...
Signature verified on certificate
If the certificate is a self-signed certificate, the certificate signature is directly verified.

Java X509Certificate Class

Michel I. Gallant