中国Java开发网 中国Java开发网
注册 | 登录 | 帮助 | 搜索 | 排行榜 | 发帖统计  

您没有登录

» 中国Java开发网 » Java Security  

按打印兼容模式打印这个话题 打印话题    把这个话题寄给朋友 寄给朋友    该主题的所有更新都将Email到你的邮箱 订阅主题
flat modethreaded modego to previous topicgo to next topicgo to back
作者 请问有方法可以像openssl那样以编程方式生成数字证书吗?
HexUzHoNG





发贴: 18
积分: 1
于 2007-08-31 16:52 user profilesend a private message to usersearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
参考这篇文章,基本搞定了tomcat ssl双向认证。
http://www.cjsdn.net/post/view?bid=6&id=27468&sty=1&tpg=1&age=0

其中的那些证书,是用openssl在命令行生成的。
但这样不适合正式环境。当很多用户申请数字证书时,不可能一个一个用户的去帮他们在命令行下生成。

请问有什么方法可以以编程方式生成数字证书?


HexUzHoNG edited on 2007-08-31 16:56

作者 Re:请问有方法可以像openssl那样以编程方式生成数字证书吗? [Re:HexUzHoNG]
lizhangyou





发贴: 2
积分: 0
于 2007-09-04 13:43 user profilesend a private message to usersearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
up


作者 Re:请问有方法可以像openssl那样以编程方式生成数字证书吗? [Re:HexUzHoNG]
andy_wang_5





发贴: 101
积分: 14
于 2007-09-05 14:37 user profilesend a private message to usersearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
public static X509Certificate makeCertificate(KeyPair subKP, String subDN,
              KeyPair issKP, String issDN) throws Exception {
    PublicKey subPub = subKP.getPublic();
    PrivateKey issPriv = issKP.getPrivate();
    PublicKey issPub = issKP.getPublic();

    X509V3CertificateGenerator v3CertGen =
      new X509V3CertificateGenerator();

    v3CertGen.setSerialNumber(BigInteger.valueOf(serialNo++));
    v3CertGen.setIssuerDN(new X509Name(issDN));
    v3CertGen.setNotBefore(new Date(System.currentTimeMillis()));
    v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
        + (1000L * 60 * 60 * 24 * 1000)));
    v3CertGen.setSubjectDN(new X509Name(subDN));
    v3CertGen.setPublicKey(subPub);
    v3CertGen.setSignatureAlgorithm("MD5WithRSA");

    //
    v3CertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
        createSubjectKeyId(subPub));

    v3CertGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
        createAuthorityKeyId(issPub));

    X509Certificate cert = v3CertGen.generateX509Certificate(issPriv);
    return cert;
  }



鹰行折翼 再盼凌云
作者 Re:请问有方法可以像openssl那样以编程方式生成数字证书吗? [Re:HexUzHoNG]
andy_wang_5





发贴: 101
积分: 14
于 2007-09-05 15:17 user profilesend a private message to usersearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
请参考附件。 程序没有整理,有什么问题可以与我联系,
msn: andy_wang_5@hotmail.com

rsaencryption.zip (7.7k)



鹰行折翼 再盼凌云

flat modethreaded modego to previous topicgo to next topicgo to back
  已读帖子
  新的帖子
  被删除的帖子
Jump to the top of page

   Powered by Jute Powerful Forum® Version Jute 1.5.6 Ent
Copyright © 2002-2018 Cjsdn Team. All Righits Reserved. 闽ICP备05005120号
客服电话 0592-8750026    客服信箱 714923@qq.com    客服QQ 714923