stackoom
  简体   繁体   中英

how to create a CA Certificate in java

 原文  2016-06-10 15:08:38       java/ certificate/ bouncycastle/ ca

Question

I want to create a CA self signed certificate in java. I have already created a self signed certificate using bouncy castle but how to add basic constraints to this cert to be CA certificate . Thanks

1 answers

solution1
 0  2017-05-16 14:22:18

You can use this code below to create a self-signed certificate with basicConstraints extension: 

public static Certificate selfSign(KeyPair keyPair, String subjectDN) throws OperatorCreationException, CertificateException, IOException
{
    Provider bcProvider = new BouncyCastleProvider();
    Security.addProvider(bcProvider);

    long now = System.currentTimeMillis();
    Date startDate = new Date(now);

    X500Name dnName = new X500Name(subjectDN);
    BigInteger certSerialNumber = new BigInteger(Long.toString(now)); // <-- Using the current timestamp as the certificate serial number

    Calendar calendar = Calendar.getInstance();
    calendar.setTime(startDate);
    calendar.add(Calendar.YEAR, 1); // <-- 1 Yr validity

    Date endDate = calendar.getTime();

    String signatureAlgorithm = "SHA256WithRSA"; // <-- Use appropriate signature algorithm based on your keyPair algorithm.

    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate());

    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(dnName, certSerialNumber, startDate, endDate, dnName, keyPair.getPublic());

    // Extensions --------------------------

    // Basic Constraint
    BasicConstraints basicConstraints = new BasicConstraints(true); // <-- true for CA, false for EndEntity

    certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, basicConstraints); // Basic Constraints is usually marked as critical.

    // -------------------------------------

    return new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(certBuilder.build(contentSigner));
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use CA certificate to connect to database in java java ssl certificate & CA How to add both a CA certificate and a Client Certificate using Webclient in Java How add a Certificate to the Java CA Certificate Store in Openshift (cacerts)? Create java keystore from private key and CA certificate bundle Intermediate CA certificate in Java keystore How can I create a CA root certificate with Bouncy Castle? How to sign a java applet with a CA-signed certificate How does java http client validate Server's CA Certificate? Adding CA Certificate to Java Buildpack for PCF Deployment
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM