Creating certificate chains, any java CA APIs????

gfrommer · Jun 16, 2005

Hello everyone,

I'm writing a program in which I want to create a certificate for
the user on-the-fly. This is easy enough, possibly running the keytool
through a Runtime.exec() command, but I want to have the newly created
certificate signed by a parent certificate, and the keytool wont do
this.

So I'll be given a list of 5 master certificates or so, and client
applications will request a new certificate derived from one of the
five... is there an API or a java library I can use to do this?

Thanks everyone

Greg

Chris Head · Jun 17, 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everyone,

I'm writing a program in which I want to create a certificate for
the user on-the-fly. This is easy enough, possibly running the keytool
through a Runtime.exec() command, but I want to have the newly created
certificate signed by a parent certificate, and the keytool wont do
this.

So I'll be given a list of 5 master certificates or so, and client
applications will request a new certificate derived from one of the
five... is there an API or a java library I can use to do this?

Thanks everyone

Greg

Hi,
The BouncyCastle cryptography provider contains classes which are able
to generate X.509 certificates. (See http://bouncycastle.org/) It may
take a bit of work, and some time reading RFCs, but they do work. I
haven't used them for a while, so I can't really help you any more than
this. Note that if you want to generate certificate X signed by
certificate Y, then you MUST have the private key for certificate Y. If
you do not have the private key, it is impossible to generate the signature.

Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQFCskGxgxSrXuMbw1YRAnB9AKC2zwUddzT/NqfUdUrp67h4wD8sWwCeOzJb
OEXW97XMvGnNEEVLy5wyDT4=
=sNm+
-----END PGP SIGNATURE-----

iksrazal · Jun 17, 2005

Apart from the bouncy castle advice which you may need to look into as
a provider, there is the Java api certpath.

http://java.sun.com/j2se/1.4.2/docs/guide/security/certpath/CertPathProgGuide.html

I know X.509 a bit and you are correct that while you can generate one
with keytool and the java.security.* and javax.crypto.* libs, what you
really need for a certchain is certpath.

HTH,
iksrazal
http://www.braziloutsource.com/

Certificate chain and Java Web Start	4	Mar 28, 2007
certificate problem	7	Jan 25, 2006
certificate not trusted even though I imported it	2	Jan 3, 2007
Solution - Verisign expired root CA and "No trusted certificate found" using JSSE	2	Jul 29, 2005
How to use CRLs when validating certificate paths	3	Aug 28, 2007
Need a Sr Java Developer(Core Java) \| Irvine, CA	0	Oct 23, 2009
SSL trust chains	0	Oct 16, 2003
Problem with Java SSL: No trusted certificate found	0	Aug 16, 2004

Creating certificate chains, any java CA APIs????

gfrommer

Chris Head

iksrazal

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads