[英]X509 Extensions
如何使用bouncycastle API在java中为x509证书设置Extensions?
我设法做了这样的“基本约束”:
...
X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
...
boolean crit;
boolean isCa;
gen.addExtension(X509Extensions.BasicConstraints, crit, new BasicConstraints(isCa));
但是,我无法弄清楚如何为IssuerAlternativeName或KeyUsage做同样的事情 。
尝试这个
KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign
| KeyUsage.digitalSignature | KeyUsage.keyEncipherment
| KeyUsage.dataEncipherment | KeyUsage.cRLSign);
gen.addExtension(Extension.keyUsage, false, usage);
GeneralNames issuerAltName = new GeneralNames(new GeneralName(new X509Name("CN=somedomain.tld")));
gen.addExtension(X509Extensions.IssuerAlternativeName, false, issuerAltName);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.