My Oracle Support Banner

Monitoring X.509 Certificates ​ (Doc ID 2908594.1)

Last updated on APRIL 11, 2024

Applies to:

Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.

Purpose

 X.509 certificates are widely deployed in JDK applications to support authentication and other functionality in security systems. An X.509 certificate is comprised of a number of fields. Some of the more common fields include (RFC 1422) :

       1.  version
       2.  serial number
       3.  signature (algorithm ID and parameters)
       4.  issuer name
       5.  validity period
       6.  subject name
       7.  subject public key (and associated algorithm ID)

 
The value of such fields have impact on underlying security configuration in the environments where they are used. It's useful to know what the structure of certificates in use in a Java application as a result. The validity period of a cert is an important piece of data. Expired certificates can often lead to production down scenarios. The issue is exacerbated by the fact that expiry dates can often catch administrators off guard by disrupting production applications from a specific date onwards.

This article discusses a few options on how one can obtain X.509 certificate information.

Scope

 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 Keytool Analysis
 JDK debug logs
 Java Flight Recorder (JFR) events

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.