Public Key Infrastructure based on the X.509 standard (PKIX) is now the foundation and core of network security construction, and it has become a basic guarantee for electronic business. Research and development of PKIX technology is currently a hot topic in the field of information security.

This paper aims to design and implement an essential PKIX system in order to prevent various kinds of potential security hazards, offer customized services to users, and provide the basic guarantee for platform-independent terminal applications. The key function of the system is certificate lifecycle management, so it is also called a public key certificate management system.

First, based on an understanding of PKIX, a layered design for the public key certificate management system is put forward in order to make the system independent of specific cipher algorithms. Second, a method for constructing a PKIX system on the Java platform is proposed. The paper explains in detail how a convenient and secure link between the CA and the RA is established using Java, and how a flexible and reliable user authentication and authorization module for the CA is developed by extending the JAAS framework. Finally, the author discusses trust extension for the public key certificate management system and, building on existing certificate path construction methods, proposes a modified scheme. The method constructs paths by zoning CAs. It is scalable and improves the efficiency of the certificate path construction algorithm, so it can meet the demands of developing public key certificate management system applications.