摘要： 分析证书签发系统的实现机制和私钥签名的相关流程，给出一个基于J2EE多层模式的证书签发管理系统设计方案。该方案采用EJB组件等技术，实现证书/CRL的生成、签发、查询和下载、证书验证、证书撤销及证书模板管理等功能，降低应用系统的建设成本和部署难度，具有良好的可扩展性。

关键词: 公钥基础设施, 证书签发管理系统, 认证中心

Abstract: This paper analyzes the mechanism of issuing and managing system of certificates and its signature process, and describes the scheme of issuing and managing system of certificates based on J2EE multilayer model. This scheme utilizes EJB component technology to implement relevant functions, including certificate/CRL creating, issuing, query, downloading, certificate verifying, revoking and certificate templates management, etc. It decreases the cost and difficulty of development and of application systems, and ensures good extensibility.

Key words: Public Key Infrastructure(PKI), issuing and managing system of certificates, Certificate Authority(CA)

中图分类号: 

• TP309