Topic: 请问有方法可以像openssl那样以编程方式生成数字证书吗? |
Print this page |
1.请问有方法可以像openssl那样以编程方式生成数字证书吗? | Copy to clipboard |
Posted by: HexUzHoNG Posted on: 2007-08-31 16:52 参考这篇文章,基本搞定了tomcat ssl双向认证。 http://www.cjsdn.net/post/view?bid=6&id=27468&sty=1&tpg=1&age=0 其中的那些证书,是用openssl在命令行生成的。 但这样不适合正式环境。当很多用户申请数字证书时,不可能一个一个用户的去帮他们在命令行下生成。 请问有什么方法可以以编程方式生成数字证书? |
2.Re:请问有方法可以像openssl那样以编程方式生成数字证书吗? [Re: HexUzHoNG] | Copy to clipboard |
Posted by: lizhangyou Posted on: 2007-09-04 13:43 up |
3.Re:请问有方法可以像openssl那样以编程方式生成数字证书吗? [Re: HexUzHoNG] | Copy to clipboard |
Posted by: andy_wang_5 Posted on: 2007-09-05 14:37 public static X509Certificate makeCertificate(KeyPair subKP, String subDN, KeyPair issKP, String issDN) throws Exception { PublicKey subPub = subKP.getPublic(); PrivateKey issPriv = issKP.getPrivate(); PublicKey issPub = issKP.getPublic(); X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber(BigInteger.valueOf(serialNo++)); v3CertGen.setIssuerDN(new X509Name(issDN)); v3CertGen.setNotBefore(new Date(System.currentTimeMillis())); v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 1000))); v3CertGen.setSubjectDN(new X509Name(subDN)); v3CertGen.setPublicKey(subPub); v3CertGen.setSignatureAlgorithm("MD5WithRSA"); // v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(subPub)); v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(issPub)); X509Certificate cert = v3CertGen.generateX509Certificate(issPriv); return cert; } |
4.Re:请问有方法可以像openssl那样以编程方式生成数字证书吗? [Re: HexUzHoNG] | Copy to clipboard |
Posted by: andy_wang_5 Posted on: 2007-09-05 15:17 请参考附件。 程序没有整理,有什么问题可以与我联系, msn: andy_wang_5@hotmail.com rsaencryption.zip (7.7k) |
Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent Copyright © 2002-2021 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号-1 客服电话 18559299278 客服信箱 714923@qq.com 客服QQ 714923 |