简体   繁体   English

如何以编程方式将 CSR 提交给认证机构?

[英]How to submit the CSR to a certification authority Programatically?

I saw the code for creating a CSR using bouncy castle.我看到了使用充气城堡创建 CSR 的代码。

https://github.com/bcgit/bc-java/blob/master/misc/src/main/java/org/bouncycastle/jcajce/examples/PKCS12Example.java https://github.com/bcgit/bc-java/blob/master/misc/src/main/java/org/bouncycastle/jcajce/examples/PKCS12Example.java

How do I get this CSR authorized from a certification authority though?但是,如何从证书颁发机构获得此 CSR 的授权? Can I choose to get it authorized from the company of my choice?我可以选择从我选择的公司获得授权吗? If so, how can I do it through the code?如果是这样,我该如何通过代码做到这一点? Please advice.请指教。

I don't think there is a framework for doing this because signing requests varies from CA to CA.我认为没有这样做的框架,因为签名请求因 CA 而异。 While the message (CSR) is the same for all, the protocol for submitting a CSR is (AFAIK) not specified.虽然消息 (CSR) 对所有人都相同,但未指定提交 CSR 的协议 (AFAIK)。 It's made more complicated by the fact that the CA needs proof that you own the domain you're trying to get a certificate for and by the fact that most CA's charge a fee for signing a certificate.由于 CA 需要证明您拥有您正在尝试为其获取证书的域的证据以及大多数 CA 对签署证书收取费用这一事实,情况变得更加复杂。

If you choose a specific CA, you could create an automated process for that CA.如果选择特定 CA,则可以为该 CA 创建自动化流程。 For example if you use Let's Encrypt , they have a bunch of clients that you can use to submit CSRs programmatically.例如,如果您使用Let's Encrypt ,他们有一堆客户端,您可以使用它们以编程方式提交 CSR。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM