我正在创建SSL证书,使用的是下面这段代码。
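/**
 * Builds a three-level demo chain (root "CN=PTA", intermediate "CN=FastNet",
 * leaf "CN=Neon") and prints the resulting certificates.
 *
 * <p>Each certificate is first created self-signed and then re-issued by
 * {@code createSignedCertificate} under its parent. Keys are 2048-bit RSA and
 * signatures use SHA256withRSA; 1024-bit RSA and SHA-1 signatures are rejected
 * by current browsers and TLS stacks. The sample dump shown elsewhere on this
 * page was produced with the earlier 1024-bit / SHA1withRSA settings.
 *
 * <p>{@code CertAndKeyGen} and {@code X500Name} are internal {@code sun.security.*}
 * classes and are not a stable API across JDK releases.
 *
 * @param args unused
 */
public static void main(String[] args) {
    final String keyAlgorithm = "RSA";
    final String signatureAlgorithm = "SHA256withRSA";
    final int keyBits = 2048;
    // Validity is passed in seconds: one year.
    final long validitySeconds = 365L * 24 * 60 * 60;

    try {
        // Root certificate
        CertAndKeyGen rootGen = new CertAndKeyGen(keyAlgorithm, signatureAlgorithm, null);
        rootGen.generate(keyBits);
        PrivateKey rootPrivateKey = rootGen.getPrivateKey();
        X509Certificate rootCertificate =
                rootGen.getSelfCertificate(new X500Name("CN=PTA"), validitySeconds);

        // Intermediate certificate
        CertAndKeyGen middleGen = new CertAndKeyGen(keyAlgorithm, signatureAlgorithm, null);
        middleGen.generate(keyBits);
        PrivateKey middlePrivateKey = middleGen.getPrivateKey();
        X509Certificate middleCertificate =
                middleGen.getSelfCertificate(new X500Name("CN=FastNet"), validitySeconds);

        // Leaf certificate
        CertAndKeyGen leafGen = new CertAndKeyGen(keyAlgorithm, signatureAlgorithm, null);
        leafGen.generate(keyBits);
        // Not used in this demo; it signs nothing because the leaf is not a CA.
        PrivateKey topPrivateKey = leafGen.getPrivateKey();
        X509Certificate topCertificate =
                leafGen.getSelfCertificate(new X500Name("CN=Neon"), validitySeconds);

        // Re-issue each certificate under its parent: root signs itself and the
        // intermediate, the intermediate signs the leaf.
        rootCertificate = createSignedCertificate(rootCertificate, rootCertificate, rootPrivateKey);
        middleCertificate = createSignedCertificate(middleCertificate, rootCertificate, rootPrivateKey);
        topCertificate = createSignedCertificate(topCertificate, middleCertificate, middlePrivateKey);

        // Printed root-first here. NOTE(review): APIs that consume a chain
        // (for example KeyStore.setKeyEntry) conventionally expect leaf-first
        // order (leaf, intermediate, root) - confirm before reusing this array.
        X509Certificate[] chain = new X509Certificate[3];
        chain[0] = rootCertificate;
        chain[1] = middleCertificate;
        chain[2] = topCertificate;

        // This prints the human-readable toString() dump of each certificate.
        // That text is not a certificate file: to produce a .cer/.crt, write the
        // DER bytes returned by getEncoded() for each certificate instead.
        System.out.println(Arrays.toString(chain));
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}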
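/**
 * Re-issues {@code cetrificate} under {@code issuerCertificate}.
 *
 * <p>The to-be-signed part of the input certificate is reused, so its subject,
 * public key, serial number and validity carry over. The issuer name is
 * replaced with the issuer certificate's subject, and the result is signed with
 * {@code issuerPrivateKey} using the issuer certificate's signature algorithm.
 *
 * <p>Every certificate except the one whose subject is exactly "CN=Neon" gets a
 * BasicConstraints extension with CA=true and no path length limit. The
 * extension is marked critical, as RFC 5280 requires for CA certificates.
 * Identifying the leaf by a hard-coded subject name only works for this demo.
 *
 * <p>Uses internal {@code sun.security.x509} classes, which are not a stable
 * API across JDK releases.
 *
 * @param cetrificate       certificate to re-issue
 * @param issuerCertificate certificate of the signing CA
 * @param issuerPrivateKey  private key matching {@code issuerCertificate}
 * @return the newly signed certificate, never {@code null}
 * @throws IllegalStateException if the certificate cannot be rebuilt or signed
 */
private static X509Certificate createSignedCertificate(X509Certificate cetrificate, X509Certificate issuerCertificate, PrivateKey issuerPrivateKey) {
    try {
        Principal issuer = issuerCertificate.getSubjectDN();
        String issuerSigAlg = issuerCertificate.getSigAlgName();

        // Start from the input certificate's TBS bytes and overwrite the issuer.
        byte[] inCertBytes = cetrificate.getTBSCertificate();
        X509CertInfo info = new X509CertInfo(inCertBytes);
        info.set(X509CertInfo.ISSUER, (X500Name) issuer);

        // The leaf certificate gets no BasicConstraints extension.
        boolean isLeaf = cetrificate.getSubjectDN().getName().equals("CN=Neon");
        if (!isLeaf) {
            CertificateExtensions exts = new CertificateExtensions();
            // critical=true, CA=true, pathLen=-1 (no limit). A non-critical
            // BasicConstraints on a CA certificate does not conform to RFC 5280.
            exts.set(BasicConstraintsExtension.NAME,
                    new BasicConstraintsExtension(Boolean.TRUE, true, -1));
            info.set(X509CertInfo.EXTENSIONS, exts);
        }

        X509CertImpl outCert = new X509CertImpl(info);
        outCert.sign(issuerPrivateKey, issuerSigAlg);
        return outCert;
    } catch (Exception ex) {
        // Fail here with the cause attached instead of returning null, which
        // would only surface later as a NullPointerException in the caller.
        throw new IllegalStateException("Failed to create signed certificate", ex);
    }
}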
我得到输出:
Version: V3
Subject: CN=PTA
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 149715605396663388497155581351118592252783057689878885069908245260863565430460802412818367358299876634638359780252229696020802479157890788072833261563832108195747251668671703158252511484715904905685624305474923281348384506398192074853448780012281582290111563345678091608497553821391829971480670544649932159013
public exponent: 65537
Validity: From: Tue Nov 21 13:17:50 PKT 2017,
To: Wed Nov 21 13:17:50 PKT 2018
Issuer: CN=PTA
SerialNumber: 337317b9
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:
CA:true
PathLen:2147483647
Algorithm: SHA1withRSA
Signature:
0000: 1E 78 D7 F7 3A E6 E4 B5 D1 35 1C 2E FC 53 A2 85 .x..:....5...S..
0010: 61 BD F0 5A 72 D9 F7 11 23 75 80 7A 6E B0 E0 23 a..Zr...#u.zn..#
0020: BE E4 5F DE F1 16 A7 F2 B7 21 BA E8 13 CB 5A 1D .._......!....Z.
0030: A9 E4 45 ED 89 AE 87 1E 41 F4 47 B4 F7 EC C3 BE ..E.....A.G.....
0040: E0 EA FC 1F C7 23 0C 8F 3A 84 8B 98 83 B4 7E C2 .....#..:.......
0050: 6F 7A 5B AD F4 38 8E 00 10 A0 30 59 1F A3 09 49 oz[..8....0Y...I
0060: 0E 42 D0 82 D9 7F BF AC 4D 93 BC C5 A4 DC 04 54 .B......M......T
0070: 53 96 B8 7F AE BD 6D BD 94 E9 A8 A0 68 43 DB 30 S.....m.....hC.0
,
Version: V3
Subject: CN=FastNet
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 161657090792555516695586185263084527366349509696556183715928445892937137032979680125036388699182414350510579635688759948023466646898520852479701338811401262991832177452096078586456052551108597559503898191394682820545429625150985217333874981200678761714744624590813783219900274086624205553792352169064622425721
public exponent: 65537
Validity: From: Tue Nov 21 13:17:50 PKT 2017,
To: Wed Nov 21 13:17:50 PKT 2018
Issuer: CN=PTA
SerialNumber: 38004cdc
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: SHA1withRSA
Signature:
0000: 24 94 B2 08 80 4C 79 5E 66 CC D4 A4 85 CD 28 9F $....Ly^f.....(.
0010: 1B 80 E8 F9 04 F7 EA F3 78 AB 73 1A 03 59 ED 77 ........x.s..Y.w
0020: A9 C9 2A 7B D1 A8 D5 88 72 00 7F 82 04 8D 34 22 ..*.....r.....4"
0030: 20 E4 1F 4F ED CB 3A 34 CC 2D 85 91 5C 24 DF C5 ..O..:4.-..\$..
0040: 5A BE 08 3E 2E 64 87 E6 28 AA D5 FC 4C F6 FA 03 Z..>.d..(...L...
0050: 96 56 26 E9 CE 1D 7C 60 1B 66 F7 75 39 69 27 76 .V&....`.f.u9i'v
0060: 28 B5 88 8E 51 40 13 5C 94 05 CC 3F 9C 56 4E 27 (...Q@.\...?.VN'
0070: D9 4A 87 FA 0F DE 7F 8C 0A 46 77 3B C0 25 57 8A .J.......Fw;.%W.
,
Version: V3
Subject: CN=Neon
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 101561805201350912995790593526575119513151168158665152335461285366261351789268704157740436057113460399435904858902325860168207278136991174436556015812872375521572209765853124764558849092076972847896755938071801863244158743746567917559665570200348977261495405005075200724506808480138652079420561951562003264931
public exponent: 65537
Validity: From: Tue Nov 21 13:17:50 PKT 2017,
To: Wed Nov 21 13:17:50 PKT 2018
Issuer: CN=FastNet
SerialNumber: 5ee7fb6e
Algorithm: SHA1withRSA
Signature:
0000: 2D 04 84 DF C6 57 BB 12 0B 34 EF 04 61 15 2E 16 -....W...4..a...
0010: FB 71 F2 4C A0 B5 88 0B DD CC 10 7D AE C1 AB 54 .q.L...........T
0020: 7A D4 90 D2 DF FD A7 16 E6 AF D4 CF 6F 44 90 7A z...........oD.z
0030: C6 77 3F 26 30 9B A8 0A 6A 15 17 56 10 FA 64 D0 .w?&0...j..V..d.
0040: 7E F3 39 98 CD 3F D4 03 4C 83 5B 64 73 26 22 B5 ..9..?..L.[ds&".
0050: 0A DB 7B 9A 73 B1 4B 17 45 BF 49 28 F8 2D 01 EA ....s.K.E.I(.-..
0060: 89 78 8A 90 1A E5 00 96 15 59 B8 C9 3A CA 3F 35 .x.......Y..:.?5
0070: DA D2 EE C1 96 B1 18 F5 ED F2 6A D0 15 8A 61 13 ..........j...a.
我想把它集成到Chrome浏览器中。但是当我把这段文本转换为.cer或.crt文件时,它报错了。
答案 0 :(得分:2)
您保存的是证书的文本摘要(即 toString() 的输出),而不是实际的证书。
对于 createSignedCertificate 生成的每个证书,您需要调用 .getEncoded() 来获取该证书的DER编码字节。
获得字节后,将每个字节数组分别写入一个文件,例如 root.cer。