PEM Encoded Certificate
843810Oct 13 2004 — edited Oct 18 2004I have code ( see below ) which is successfully generating a Self Signed certificate in PEM format using the Bouncy Castle libraries.
I'm not sure how to directly generate the cert in PEM format, ...the generated cert is in DER format and the extra code you see is to convert it to PEM. I have verified that the certificate works by running the openssl command :
openssl x509 -in certificatename.pem -text
The problem I am having is that openssl does not like the private key. Note in the code that I convert the private key I used to generate the certificate to PEM format - I use the very same technique as that used for the certificate. The following openssl command says that there is a problem with the private key:
openssl rsa -in privatekeyname.pem -text
Does anyone know how to generate either the certificate, private key or both directly in PEM format or what I may be doing wrong ? See code below:
=================================================================================
private X509Certificate buildSelfSignedCert(int keyLen, String associatedOrg) {
// Security constants
X509Certificate X509certificate = null;
String ecnryptionType = "MD5WithRSAEncryption";
String keyGeneratorType = "RSA";
String LF = "\n";
String beginCertificate = "-----BEGIN CERTIFICATE-----" +LF;
String endCertificate = "-----END CERTIFICATE-----" +LF;
String beginRSAPrivateKey = "-----BEGIN RSA PRIVATE KEY-----" +LF;
String endRSAPrivateKey = "-----END RSA PRIVATE KEY-----" +LF;
// Init a security provider
Security.addProvider(new BouncyCastleProvider());
// Generate key pair
try {
// Pub / Private key stuff
KeyPairGenerator keyGen =
KeyPairGenerator.getInstance( keyGeneratorType);
keyGen.initialize(keyLen, new SecureRandom());
KeyPair keypair = keyGen.generateKeyPair();
PrivateKey prikey = keypair.getPrivate();
PublicKey pubkey = keypair.getPublic();
// Init values for cert
Calendar dateThen = Calendar.getInstance();
dateThen.add(Calendar.YEAR, 1);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(new X509Principal(associatedOrg));
certGen.setNotBefore(new Date());
certGen.setNotAfter(new Date(dateThen.getTimeInMillis()));
certGen.setSubjectDN(new X509Principal(associatedOrg));
certGen.setPublicKey(pubkey);
certGen.setSignatureAlgorithm(ecnryptionType);
// Create Cert
X509certificate = certGen.generateX509Certificate(prikey);
// Persist Cert
try {
// Write cert in PEM ( Base64 ) format - each line 64 bytes
FileOutputStream fos = new FileOutputStream("CERT.pem");
fos.write(beginCertificate.getBytes());
byte [] certb64 = Base64.encode(X509certificate.getEncoded());
int length = certb64.length;
int bytestowrite = 64;
for ( int written = 0; written < length; ) {
fos.write(certb64,written,bytestowrite);
fos.write(LF.getBytes());
written+=bytestowrite;
if ( (length - written) < 64 ) {
bytestowrite=(length - written);
}
} // for ( int written = 0; written < length; )
fos.write(endCertificate.getBytes());
fos.close();
// Write Private Key in PEM ( Base64 ) format
certb64 = null;
fos = new FileOutputStream("prikey.pem");
fos.write(beginRSAPrivateKey.getBytes());
certb64 = Base64.encode(prikey.getEncoded());
length = certb64.length;
bytestowrite = 64;
for ( int written = 0; written < length; ) {
fos.write(certb64,written,bytestowrite);
fos.write(LF.getBytes());
written+=bytestowrite;
if ( (length - written) < 64 ) {
bytestowrite=(length - written);
}
} // for ( int written = 0; written < length; )
fos.write(endRSAPrivateKey.getBytes());
fos.close();
} catch (IOException ex) {
} catch (CertificateEncodingException ex) {
}
} catch (java.security.NoSuchAlgorithmException x) {
} catch (java.security.SignatureException x) {
} catch (java.security.InvalidKeyException x) {
}
return X509certificate;
}