I have a web page where I show the details of an SSL certificate which is being used with the server. I thought that toString() might be okay, but it looks like this:
[0] Version: 3
SerialNumber: 117262955582477610212812061435665386300
IssuerDN: CN=localhost
Start Date: Wed Jun 13 15:15:05 EST 2012
Final Date: Tue Jun 08 15:15:05 EST 2032
SubjectDN: CN=localhost
Public Key: DSA Public Key
y: 6ef96c2ace616280c5453dda2[TRUNCATED BY ME]
Signature Algorithm: SHA1withDSA
Signature: 302c021450b1557d879a25ccf6b89e7ac6de8dc6
0b13df7e0214559cdc810cdb1faa3a645da837cd
5efdeb81d62e
Extensions:
critical(true) 2.5.29.17 value = DER Sequence
Tagged [7] IMPLICIT
DER Octet String[4]
The problem I have with it is the obscure representation of extensions. I would prefer to see "subjectAltNames" and the list of alternative names, like what I can see in my web browser when I look at the certificate info.
Is there some way to do this? I have the entirety of BouncyCastle on my class path so I had hoped I could find it in there, but I don't seem to be able to find it.
Worst comes to worst I know I can put time into getting all the bits and pieces out myself, but I don't know if I will miss an extension someone might expect to find in there.
Open a command prompt, change directory to the desktop and type the command openssl. This is the process of creating a simple X.509 certificate that will be used for digital signatures. Press Enter and fill in all the required information, such as the password for creating keys and some personal information.
X.509 is a standard format for public key certificates, digital documents that securely associate cryptographic key pairs with identities such as websites, individuals, or organizations. First introduced in 1988 alongside the X.500 standards for electronic directory services, X.
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
Answering my own question with my own solution.
It turns out that this crappy toString() output only happens when using Sun's implementation of X509Certificate. When using BouncyCastle's, it looks a lot better (or more detailed, at least.)
It just turned out that we weren't initialising BC's provider before the page was rendered. Initialisation was delayed until we wanted to use it to actually generate a certificate and now that it's done on webapp startup, the toString() looks a lot better.
Pretty much all the "bits and pieces" should be available from the standard X509Certificate class:
You should be able to pretty easily format whatever you want, however you want. You can also access and iterate through the "getIssuerAlternativeNames()" collection.
PS:
Here's an excellent link about implementing the X509Certificate class:
And here's a link from somebody who's using Bouncy Castle (the solution also involves the above link):
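An added example, not code from the original question or answers: one way to print the alternative names in readable form and to list every extension OID so that none is silently omitted, using only the standard JDK `X509Certificate` API. The class name `CertSummary`, its helper methods and the choice of friendly OID names are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;

public class CertSummary {
    // GeneralName choices from RFC 5280, indexed by the type number the JDK returns.
    static final String[] NAME_TYPES = {"otherName", "rfc822Name", "dNSName", "x400Address",
        "directoryName", "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"};
    // Friendly names for common extension OIDs; any other OID is printed as "unnamed".
    static final Map<String, String> OID_NAMES = Map.of("2.5.29.14", "subjectKeyIdentifier",
        "2.5.29.15", "keyUsage", "2.5.29.17", "subjectAltName", "2.5.29.19", "basicConstraints",
        "2.5.29.35", "authorityKeyIdentifier", "2.5.29.37", "extendedKeyUsage");

    static String describe(X509Certificate cert) throws Exception {
        StringBuilder out = new StringBuilder();
        out.append("Subject: ").append(cert.getSubjectX500Principal().getName()).append('\n');
        out.append("Issuer: ").append(cert.getIssuerX500Principal().getName()).append('\n');
        names(out, "subjectAltName", cert.getSubjectAlternativeNames());
        names(out, "issuerAltName", cert.getIssuerAlternativeNames());
        // List every extension OID so nothing in the certificate is silently omitted.
        oids(out, "critical", cert.getCriticalExtensionOIDs());
        oids(out, "non-critical", cert.getNonCriticalExtensionOIDs());
        return out.toString();
    }

    static void names(StringBuilder out, String label, Collection<List<?>> names) {
        if (names == null) return; // extension not present
        for (List<?> n : names) {
            Object v = n.get(1); // String, or DER bytes for otherName, x400Address, ediPartyName
            String text = v instanceof byte[] ? "DER:" + new BigInteger(1, (byte[]) v).toString(16) : v.toString();
            out.append(label).append(' ').append(NAME_TYPES[(Integer) n.get(0)]).append(": ").append(text).append('\n');
        }
    }

    static void oids(StringBuilder out, String kind, Set<String> oids) {
        if (oids == null) return; // certificate carries no extensions
        for (String oid : oids)
            out.append("Extension ").append(oid).append(" (")
               .append(OID_NAMES.getOrDefault(oid, "unnamed")).append(", ").append(kind).append(")\n");
    }

    public static void main(String[] args) throws Exception {
        try (FileInputStream in = new FileInputStream(args[0])) { // path to a PEM or DER certificate
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            System.out.print(describe((X509Certificate) cf.generateCertificate(in)));
        }
    }
}
```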