Module org.shredzone.acme4j
Package org.shredzone.acme4j

Class Certificate

java.lang.Object
org.shredzone.acme4j.AcmeResource
org.shredzone.acme4j.Certificate
All Implemented Interfaces:
Serializable
public class Certificate extends AcmeResource
Represents a certificate and its certificate chain.

Note that a certificate is immutable once it is issued. For renewal, a new certificate must be ordered.

See Also:

  • Constructor Details

  • Method Details

    • download

      public void download() throws AcmeException
      Downloads the certificate chain.

      The certificate is downloaded lazily by the other methods. So usually there is no need to invoke this method, unless the download is to be enforced. If the certificate has been downloaded already, nothing will happen.

      Throws:
      AcmeException - if the certificate could not be downloaded

    • getCertificate

      public X509Certificate getCertificate()
      Returns the created certificate.
      Returns:
      The created end-entity X509Certificate without issuer chain.

    • getCertificateChain

      public List<X509Certificate> getCertificateChain()
      Returns the created certificate and issuer chain.
      Returns:
      The created end-entity X509Certificate and issuer chain. The first certificate is always the end-entity certificate, followed by the intermediate certificates required to build a path to a trusted root.

    • getAlternates

      public List<URL> getAlternates()
      Returns URLs to alternate certificate chains.
      Returns:
      Alternate certificate chains, or empty if there are none.

    • getAlternateCertificates

      public List<Certificate> getAlternateCertificates()
      Returns alternate certificate chains, if available.
      Returns:
      Alternate certificate chains, or empty if there are none.
      Since:
      2.11

    • writeCertificate

      public void writeCertificate(Writer out) throws IOException
      Writes the certificate to the given writer. It is written in PEM format, with the end-entity cert coming first, followed by the intermediate ceritificates.
      Parameters:
      out - Writer to write to. The writer is not closed after use.
      Throws:
      IOException

    • revoke

      public void revoke() throws AcmeException
      Revokes this certificate.
      Throws:
      AcmeException

    • revoke

      public void revoke(@Nullable RevocationReason reason) throws AcmeException
      Revokes this certificate.
      Parameters:
      reason - RevocationReason stating the reason of the revocation that is used when generating OCSP responses and CRLs. null to give no reason.
      Throws:
      AcmeException

    • revoke

      public static void revoke(Login login, X509Certificate cert, @Nullable RevocationReason reason) throws AcmeException
      Revoke a certificate. This call is meant to be used for revoking certificates if only the account's key pair and the certificate itself is available.
      Parameters:
      login - Login to the account
      cert - The X509Certificate to be revoked
      reason - RevocationReason stating the reason of the revocation that is used when generating OCSP responses and CRLs. null to give no reason.
      Throws:
      AcmeException
      Since:
      2.6

    • revoke

      public static void revoke(Session session, KeyPair domainKeyPair, X509Certificate cert, @Nullable RevocationReason reason) throws AcmeException
      Revoke a certificate. This call is meant to be used for revoking certificates if the account's key pair was lost.
      Parameters:
      session - Session connected to the ACME server
      domainKeyPair - Key pair the CSR was signed with
      cert - The X509Certificate to be revoked
      reason - RevocationReason stating the reason of the revocation that is used when generating OCSP responses and CRLs. null to give no reason.
      Throws:
      AcmeException