Research Of Trans-CA Certificate Retrieval Technology Based On Certificate Gateway

Digital certificate is an authoritative electronic document. It is issued from am authority - CA (Certification Authority), people can use digital certificate on the Internet to identify each other's identity. When the other party need to send encrypted information, then first of all need each other's digital certificates. Exist in a number of CA's PKI (Public Key Infrastructure) system, how across different CA online access to the current certificate is not yet solved the key issue.This thesis focuses on research of the digital certificate for access, for the need of trans-CA certificate retrieval, designs a trans-CA certificate retrieval system based certificate gateway, this system does not change in the existing structure of CA, does not require the premise of a unified namespace, and it realizes the digital certificate trans-CA certificate retrieval. A certificate user in any CA landing system, the gateway to the certificate submitted by user name, e-mail query, query to the gateway associated with the certificate of the user database of digital certificates, as well as other certificates certificate gateway connected network clearance of the database under the user's digital certificate. The certificate user chooses to download the digital certificate for his need from the search result.In this thesis, the CA digital certificate to access the system inter-network structure, an analysis of the transmitted certificate query request, through the way of breadth-first spanning tree to optimize the network structure, and through the certificate profile gateway network optimization achieved.In this thesis, Hypertext Transfer Protocol is used between certificate user and certificate gateway. The certificate user for the client to browse through the website will be the digital certificate query request to the certificate of the Web server where the gateway for processing. The Web Services technology is used between gateways. Through the Web Services interface services, gateway access to other databases where the CA's digital certificate users to realize the communication between the gateway certificate. Between the gateway and the database JDBC technology is using, the certificate gateway can quickly query database and access to the user's digital certificate.This thesis is the use of LDAP Certificate Store (Lightweight Directory Access Protocol), defines a database Schema, and increases an object class, which has the attribute-distinguished name. In the certificate library for each user entry contains common name, e-mail, certificate distinguished name, certificates and other attributes of the user. The certificate user can query user's digital certificate by user's common name, e-mail and certificate distinguished name.