I'm successfully signing an x509v3 certificate from a CSR using BouncyCastle in Java, but I have a problem: the string format of some of the certificate fields (Subject in this case) is UTF8_STRING and I need it to be PRINTABLE_STRING.
When generating the certificate I use an X509v3CertificateBuilder and a CertificateFactory object, plus a JcaX509ExtensionUtils to add some extensions to it.
Any help on how to do this?
Thanks in advance.
Related
I know Java keystore stores DER encoded certificate and SSL communication works perfectly fine with it, I wanted to check what happens with PEM encoded certificate so I converted my DER encoded certificate to PEM encoded using openssl utility and then imported that PEM encoded SSL certificate into my keystore using keytool utility and below are outcomes:
PEM encoded certificate was successfully imported into my keystore and there was no exception.
Then I tried SSL communication using java.net.HttpURLConnection and it was also successful and there were no exceptions.
So, this basically suggests to me that this works, but I am not sure what the implications of the same are and whether it is recommended or not to use PEM encoded certificates in a Java keystore. I am looking for answers which throw insight on the implications, pros and cons of using a PEM encoded certificate in a Java keystore.
P.S.: If someone is looking for the openssl and keytool commands I used, then please let me know and I can provide them.
Please note that I have already read this and this, and these don't answer my questions.
I am trying to store a proxy X.509 certificate into a keystore. The certificate is generated using bouncycastle library, the problem is that I do not have the secret key for the certificate and from what I understand is that to store it in a Java key store I need the secret key. Furthermore I can't seem to convert the certificate into Java's own implementation of it.
I want to store it in a keystore so that Axis2's Rampart could attach it to SOAP messages according to our own security architecture.
If anyone can kindly explain to me if there is a way to do this or if I am missing something important, I would be thankful.
from what I understand is that to store it in a Java key store I need the secret key
No. You don't need the private key to store a certificate. You only need that for your own certificate. Just use keytool -import.
I am testing the subEthaSMTP SMTP server. Everything is OK, but I want to use SSL/TLS. I read the article about this and have a question.
I have csr, crt and key files, but the article uses PKCS12, JKS, and SunX509.
Is it possible to use the csr, crt and key, or how do I convert them into the needed format?
P.S. Sorry, I am not an expert in Java.
The CSR is a Certificate Sign Request. You should already self-sign the certificate or send it to a certificate authority. If you are lost at this point, read the certificates howto.
Then you should have a CRT file (the CRT is an X.509 certificate in DER format), self-signed or signed by a certificate authority. To create a PKCS#12 certificate you should:
Transform the DER certificate to PEM.
Mix PEM and KEY private key file into the PKCS#12 file format.
The openssl commands are here in "Converting Using OpenSSL" section.
This stuff is not Java, it's just SSL/TLS.
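The two conversion steps from the answer above (DER certificate to PEM, then PEM plus private key into PKCS#12), as an added shell example that is not part of the original answer. The file names, the subject `smtp.example.test`, the alias `smtp` and the password are constructed for the demonstration; the function also checks that the key belongs to the certificate before bundling.

```shell
#!/bin/sh
# Added example: names, subject and password are constructed, not from the answer.
set -eu

# crt_key_to_p12 CERT KEY OUT: bundle a certificate and its private key as PKCS#12.
# The export password is read from the P12_PASS environment variable so that it
# does not show up in the process list.
crt_key_to_p12() {
    crt=$1; key=$2; out=$3
    pem=$(mktemp)
    # Step 1: DER -> PEM (a .crt that is already PEM is copied unchanged).
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$crt"; then
        cp "$crt" "$pem"
    else
        openssl x509 -inform DER -in "$crt" -outform PEM -out "$pem"
    fi
    # Refuse to bundle a key that does not belong to the certificate.
    if [ "$(openssl x509 -in "$pem" -noout -pubkey)" != "$(openssl pkey -in "$key" -pubout)" ]; then
        rm -f "$pem"
        echo "private key does not match certificate" >&2
        return 1
    fi
    # Step 2: certificate + private key -> PKCS#12.
    openssl pkcs12 -export -in "$pem" -inkey "$key" -name smtp \
        -out "$out" -passout env:P12_PASS
    rm -f "$pem"
}

# demo_roundtrip: build a throwaway key and DER certificate, convert them, and
# print the subject of the certificate read back out of the .p12.
demo_roundtrip() {
    dir=$(mktemp -d)
    P12_PASS='constructed-demo-password'; export P12_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=smtp.example.test' \
        -keyout "$dir/server.key" -outform DER -out "$dir/server.crt" 2>/dev/null
    crt_key_to_p12 "$dir/server.crt" "$dir/server.key" "$dir/server.p12"
    openssl pkcs12 -in "$dir/server.p12" -passin env:P12_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -subject
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo_roundtrip; fi
```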
I need to encrypt and sign data using PKCS7(CMS).
I am using the API provided by Bouncy Castle to achieve this using Java.
Till now, what I understood is that I need to follow these steps:
Need to generate a key pair private & public key using some algorithm say RSA
Certify it with X509 certificate
Convert it into PKCS7 key format like p7b
Generate java key store using keytool some *.jks file
Generate the Certificate Signing Request (CSR) using keytool command *.crt
Become self CA (Certificate Authority) and certify
Import key from keystore created in previous step and encrypt, sign and decrypt data
I still need to figure out what steps I need to follow to sign, encrypt and decrypt data.
My question is
Are my steps correct?
How do I certify a key pair generated by the RSA algorithm and convert it into PKCS7 key format?
How do I become self CA and certify?
I got this to encrypt and sign; still I am confused about the steps to follow, and also most of them are deprecated.
What you need is not BouncyCastle.
You need OpenSSL and a guide.
OpenSSL
How to set up your own certificate authority
How to create a self-signed certificate
How to use a certificate in Java
Alternatively, to generate and store an RSA key using Java:
Generate RSA key pair and encode private as string
I'm trying to convert an X509CertImpl to an X509CRLEntry so I can generate my X509CRLImpl, but I can't find a way of doing this. Isn't it supposed to be easy? The CRL should be made of revoked X509 certificates, so there has to be an easy way!
I'm using sun.security.x509 and java.security.cert packages
Thank you for the help!
CRLs don't contain certificates; consequently you can't get a certificate from the CRL.