Creating certificate chains, any java CA APIs????

Discussion in 'Java' started by gfrommer@hotmail.com, Jun 16, 2005.

  1. Guest

    Hello everyone,

    I'm writing a program in which I want to create a certificate for
    the user on-the-fly. This is easy enough, possibly running the keytool
    through a Runtime.exec() command, but I want to have the newly created
    certificate signed by a parent certificate, and the keytool wont do
    this.

    So I'll be given a list of 5 master certificates or so, and client
    applications will request a new certificate derived from one of the
    five... is there an API or a java library I can use to do this?

    Thanks everyone

    Greg
    , Jun 16, 2005
    #1
    1. Advertising

  2. Chris Head Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    wrote:
    > Hello everyone,
    >
    > I'm writing a program in which I want to create a certificate for
    > the user on-the-fly. This is easy enough, possibly running the keytool
    > through a Runtime.exec() command, but I want to have the newly created
    > certificate signed by a parent certificate, and the keytool wont do
    > this.
    >
    > So I'll be given a list of 5 master certificates or so, and client
    > applications will request a new certificate derived from one of the
    > five... is there an API or a java library I can use to do this?
    >
    > Thanks everyone
    >
    > Greg
    >


    Hi,
    The BouncyCastle cryptography provider contains classes which are able
    to generate X.509 certificates. (See http://bouncycastle.org/) It may
    take a bit of work, and some time reading RFCs, but they do work. I
    haven't used them for a while, so I can't really help you any more than
    this. Note that if you want to generate certificate X signed by
    certificate Y, then you MUST have the private key for certificate Y. If
    you do not have the private key, it is impossible to generate the signature.

    Chris
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (MingW32)

    iD8DBQFCskGxgxSrXuMbw1YRAnB9AKC2zwUddzT/NqfUdUrp67h4wD8sWwCeOzJb
    OEXW97XMvGnNEEVLy5wyDT4=
    =sNm+
    -----END PGP SIGNATURE-----
    Chris Head, Jun 17, 2005
    #2
    1. Advertising

  3. Guest

    , Jun 17, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex Hunsley
    Replies:
    2
    Views:
    466
    dimitar
    Jun 2, 2006
  2. Razi
    Replies:
    1
    Views:
    306
    Alf P. Steinbach
    Mar 24, 2006
  3. bogiebog
    Replies:
    1
    Views:
    367
    Roedy Green
    Dec 14, 2007
  4. Helena Cai
    Replies:
    0
    Views:
    395
    Helena Cai
    Aug 29, 2004
  5. Replies:
    0
    Views:
    409
Loading...

Share This Page