How to check if X509Certificate is CA certificate?

java certificate x509certificate ca
Jurica Krizanic picture Jurica Krizanic · Aug 23, 2012 · Viewed 12.5k times · Source

I have a X509Certificate instance in Java and I need to identify if it is a CA certificate or user certificate.

Can anyone provide any help?

Thanks in advance!

Answer

Jurica Krizanic picture Jurica Krizanic · Aug 27, 2012

According to research I have performed, it can be checked by checking basic constraints! Check the API for returning results of getBasicConstraints() method.

So if the method returns result != -1, a certificate can be considered as a CA certificate.

I have checked this with several CA certificates (root and intermediate), and it works as described. I have also checked this method with several user certificates, and the method returns -1 as result.

Related questions

How to create a X509 certificate using Java?

I want to create a X509 certificate using Java language and then extract public key from it. I have searched the internet and found many code examples, but all of them have errors (unknown variable or unknown type) or have …

Read More
X509 serial number using java

I need to get some data from X509 certificate. If I open a certificate file in windows, its showing its serial number in this format. ex. 39 65 70 eb d8 9f 28 20 4e c2 a0 6b 98 48 31 0d The same data I am trying …

Read More
Validating a certificate in java throws an exception - unable to find valid certificate path to requested target

I have a web app that requires a client to send it's certificate and the server has to validate the certificate(i.e see if the issuer is a valid issuer and present in the server's truststore). Here is the …

Read More