Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

generate a certificate request with API (CSR, PKCS#10)

843811Apr 30 2002 — edited Apr 30 2002

Hi everybody,

I want to request for a certificate using a PKCS10 File.
I generate this file with this code :

package test;
import sun.security.pkcs.*;
import sun.security.x509.*;
import java.security.*;
import cryptage2.RSACryptor;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import com.sun.crypto.provider.SunJCE;
import java.io.*;

public class TestPKCS10
{
public static void main(String argv[]){
try{
// provider
SunJCE jce = new SunJCE();
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(jce);
// generate KeyPair
KeyPair pair = RSACryptor.generateKeyPair();
// get Instance of signature with MD5 algorithm
Signature dsa = Signature.getInstance("MD5withRSA");
// get Private Key
PrivateKey priv = pair.getPrivate();
// init Signature with private Key
dsa.initSign(priv);
// sign
byte[] sig = dsa.sign();
// info for X509 are in X500Name Object
X500Name x500name = new X500Name(
"Nicolas LEFEUVRE","IN","InTech","Schifflange","Luxembourg","Luxembourg");
// signer : bind Signature and X500Name
X500Signer signer = new X500Signer(dsa,x500name);
// get public Key
PublicKey publicKey = pair.getPublic();
// create PKCS10 with public key
PKCS10 pk = new PKCS10(publicKey);
// sign and encode the PKCS10
pk.encodeAndSign(signer);
// save in file PKCS10_2
PrintStream out =
new PrintStream(new FileOutputStream("c:/temp/pkcs10_2"));
}
catch(Exception e){e.printStackTrace();}
}
}

The PKCS10 look like this :

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBuTCCASICAQAweTETMBEGA1UEBhMKTHV4ZW1ib3VyZzETMBEGA1UECBMKTHV4ZW1ib3VyZzEUMBIGA1UEBxMLU2NoaWZmbGFuZ2UxDzANBgNVBAoTBkluVGVjaDELMAkGA1UECxMCSU4xGTAXBgNVBAMTEE5pY29sYXMgTEVGRVVWUkUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzTrStPIyUyygFTU5p6QjGyLfAXncUvwA/i+sK2wY1S6EFYGGd7luGXI3NekVvEEzwIZ+eQ+STB7J7XVik8REubJl6gXlZTcrOdVzg6JJtHwbDoTpZnB09hGGZUzdyKsnGVIwZ4Un54Z44BZBm5qeOqYMKLK50YCC6ACqdfu/rpAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQBViesKVPfgkGSB2MYIln6yWPGmOjbLsdGdzSr/EWbtIAuT75ROZpeKKHzpfuHDC1xpbs0iZYvRACujyqeqRHIzomHu6NW7v2+B5CkoP5YsxXswr25fBMRawRckqnzMuZz79G1bi3CtQbh+MbdwvDvvs7DucPgsI7Cn8Fbg214C9Q==
-----END NEW CERTIFICATE REQUEST-----

I use Microsoft Certificate Server (a service of Microsoft NT2000 server) to generate certificate, I have this message :

�The request subject name is invalid or too long. 0x80094001 (-2146877439)C�

Any idea ?

Locked Post

New comments cannot be posted to this locked post.

Locked on May 28 2002

Added on Apr 30 2002

#other-security-apis-tools-and-issues

1 comment

363 views