Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to create a X509 certificate using Java?

Tags:

java

certificate

x509certificate

public-key

I want to create a X509 certificate using Java language and then extract public key from it.

I have searched the internet and found many code examples, but all of them have errors (unknown variable or unknown type) or have many warnings that say something like : "the method ... from type ... is deprecated " etc.

For example, why the following code doesn't work:

PublicKey pk;
CertificateFactory cf = CertificateFactory.getInstance("X.509");
String PKstr = pk.toString();
InputStream PKstream = new ByteArrayInputStream(PKstr.getBytes());
X509Certificate pkcert = (X509Certificate)cf.generateCertificate(PKstream);


Can anyone show me how to create a certificate using pure Java or Bouncy Castle and then get a public key from that?

Thanks all.

like image 412
leyla moazami Avatar asked Jul 08 '12 14:07

leyla moazami

People also ask

How do I create a certificate X509?

Open cmd prompt, change directory to desktop & type command- openssl. It is a process of creating a simple x509 certificate that will be used for digital signatures. Press enter and fill in all the required information like the password for creating keys & a few personal information.

What is X509 certificate Java?

public abstract class X509Certificate extends Certificate. Abstract class for X. 509 v1 certificates. This provides a standard way to access all the version 1 attributes of an X.

1 Answers

You can also generate a certificate using only JDK classes. The disadvantage is that you have to use two classes from the sun.security.x509 package. The code would be:

KeyStore keyStore = ... // your keystore

// generate the certificate
// first parameter  = Algorithm
// second parameter = signrature algorithm
// third parameter  = the provider to use to generate the keys (may be null or
//                    use the constructor without provider)
CertAndKeyGen certGen = new CertAndKeyGen("RSA", "SHA256WithRSA", null);
// generate it with 2048 bits
certGen.generate(2048);

// prepare the validity of the certificate
long validSecs = (long) 365 * 24 * 60 * 60; // valid for one year
// add the certificate information, currently only valid for one year.
X509Certificate cert = certGen.getSelfCertificate(
   // enter your details according to your application
   new X500Name("CN=My Application,O=My Organisation,L=My City,C=DE"), validSecs);

// set the certificate and the key in the keystore
keyStore.setKeyEntry(certAlias, certGen.getPrivateKey(), null, 
                        new X509Certificate[] { cert });

Retrieve the private key from the key store to encrypt or decrypt data. Based on the code is from http://www.pixelstech.net/article/1408524957-Generate-cetrificate-in-Java----3

like image 108
iwan.z Avatar answered Sep 17 '22 01:09

iwan.z
Sign in to Comment

Related questions

Turn Java App into Windows Screensaver
What is annotation processing in Java?
Using final methods to initialize an instance variable
What do people use class loading for?
JPA: caching queries
Where do I put weblogic-application.xml in my Maven 2 project?
how to use chinese and japanese character as string in java?
Stubbing defaults in Mockito
If I type Ctrl-C on the command line, will the finally block in Java still execute?
Why are mouseDragged-events not received when using MouseAdapter?
In JSTL/JSP when do I have to use <c:out value="${myVar}"/> and when can I just say ${myVar}
Java Regex: matches(pattern, value) returns true but group() fails to match
Java generics - is it possible to restrict T to be Serializable?
Java public interface and public class in same file
In Java, is it safe to change a reference to a HashMap read concurrently
How to reference constant in attribute in Spring
Create a radial gradient programmatically
Formatting a double and not rounding off
Java indexOf function more efficient than Rabin-Karp? Search Efficiency of Text
Two-dimensional array of different types

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!