How can I create a CA root certificate with Bouncy Castle?

I need to create an X509 certificate with Bouncy Castle that serves as a CA certificate. The certificate will be added manually to the trusted CA list of web browsers. It will be used to sign server certificates.

How do I do this? Apart from the usual certificate attributes there are some additional things that must be included (critical attribute saying this is CA, ...).

It should work at least in the most important browsers (of course only in those that allow a configuration of root CAs).

I did this:

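import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class CreateCaCert {
    public static void main(String[] args) throws Exception {
        // Generate a 4096-bit RSA key pair for the certificate.
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(4096);
        KeyPair kp = rsa.generateKeyPair();

        // The certificate expires one year from now.
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.YEAR, 1);

        // Convert the JCA public key into Bouncy Castle's SubjectPublicKeyInfo.
        byte[] pk = kp.getPublic().getEncoded();
        SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk);

        // Self-signed X.509 v1 certificate: issuer and subject are the same name.
        X509v1CertificateBuilder certGen = new X509v1CertificateBuilder(
                new X500Name("CN=CA Cert"),
                BigInteger.ONE,
                new Date(),
                cal.getTime(),
                new X500Name("CN=CA Cert"),
                bcPk
        );

        // Sign the certificate with the key pair's own private key.
        X509CertificateHolder certHolder = certGen
                .build(new JcaContentSignerBuilder("SHA1withRSA").build(kp.getPrivate()));

        // Print the DER encoding as PEM (base64 between BEGIN/END markers).
        Base64.Encoder encoder = Base64.getMimeEncoder(64, new byte[] {'\n'});

        System.out.println("CA CERT");
        System.out.println("-----BEGIN CERTIFICATE-----");
        System.out.println(encoder.encodeToString(certHolder.getEncoded()));
        System.out.println("-----END CERTIFICATE-----");

        System.exit(0);
    }
}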
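
An added example, not part of the original post and not Bouncy Castle's own code: the CA marking the question asks about is the critical basicConstraints extension with cA=TRUE, which requires an X.509 v3 certificate (v1 has no extensions). The class and method names are hypothetical, the subject and one-year validity are carried over from the post, and bcprov plus bcpkix are assumed on the classpath.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class RootCaExample { // hypothetical class name
    static X509Certificate buildRoot(KeyPair kp, String dn, int years) throws Exception {
        Calendar cal = Calendar.getInstance();
        Date notBefore = cal.getTime();
        cal.add(Calendar.YEAR, years);
        X500Name name = new X500Name(dn); // self-signed: issuer == subject
        BigInteger serial = new BigInteger(127, new SecureRandom()).add(BigInteger.ONE); // random, positive
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, cal.getTime(), name, kp.getPublic());
        // Critical basicConstraints with cA=TRUE marks the certificate as a CA.
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        // Restrict the key to signing certificates and CRLs.
        b.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        // Lets issued certificates refer back to this key via authorityKeyIdentifier.
        b.addExtension(Extension.subjectKeyIdentifier, false,
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(kp.getPublic()));
        X509CertificateHolder holder = b.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
        return new JcaX509CertificateConverter().getCertificate(holder);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(4096);
        KeyPair kp = rsa.generateKeyPair();
        X509Certificate ca = buildRoot(kp, "CN=CA Cert", 1);
        ca.verify(kp.getPublic()); // throws if the self-signature is invalid
        if (ca.getBasicConstraints() < 0) throw new IllegalStateException("not a CA");
        String b64 = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(ca.getEncoded());
        System.out.println("-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----");
    }
}
```

The private key never leaves the JVM in this example; a root that will sign real server certificates needs its key stored in a protected keystore or HSM.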
