Question
My Java program should sign received X509 certificate requests using its own key. The certificate requests are in PEM format. The key/certificate for signing is in the local Java key store.
I have looked for suitable classes in the java.security package, but without success.
Which classes of the Java API should be used for signing X509 certificates?
I can convert PEM to DER, but decoding the DER causes problems. I have tried the following:
```java
BufferedInputStream bis = new BufferedInputStream(new ByteArrayInputStream(derReq));
CertificateFactory certFact = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate cert = certFact.generateCertificate(bis);
```
And
```java
javax.security.cert.X509Certificate cer = X509Certificate.getInstance(derReq);
```
Both will cause the following exception:
```
javax.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
```
So it seems that those are only for signed certificates, and not for X509 certificate requests.
Answer 1:
I haven't done any PKI with Java, but of course it usually remains the same. Check out this link: PKI Java
It covers the necessities for both JCE and BC.
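As an added example (not from the original post or the linked article), here is one way to do this with the Bouncy Castle (BC) API the answer mentions: parse the PEM request as PKCS#10, verify its signature as proof of possession, and issue a certificate signed with the CA key from a `KeyStore`. It assumes the bcprov and bcpkix jars are on the classpath, an RSA CA key, and a keystore entry that holds both the key and its certificate; `CsrSigner`, `sign` and the parameter names are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

public class CsrSigner {  // hypothetical class name, not from the page
    /** Issues an end-entity certificate for a PEM-encoded PKCS#10 request. */
    public static X509Certificate sign(String csrPem, KeyStore ks, String caAlias,
                                       char[] keyPass, int validDays) throws Exception {
        PKCS10CertificationRequest csr;
        try (PEMParser parser = new PEMParser(new StringReader(csrPem))) {
            Object obj = parser.readObject();
            if (!(obj instanceof PKCS10CertificationRequest))
                throw new IOException("Input is not a PKCS#10 certificate request");
            csr = (PKCS10CertificationRequest) obj;
        }
        // Proof of possession: the request must be signed by the key it asks to certify.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder()
                .build(csr.getSubjectPublicKeyInfo())))
            throw new SignatureException("CSR self-signature is invalid");
        PrivateKey caKey = (PrivateKey) ks.getKey(caAlias, keyPass);
        X509Certificate caCert = (X509Certificate) ks.getCertificate(caAlias);
        X500Name issuer = new JcaX509CertificateHolder(caCert).getSubject();
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                issuer,
                new BigInteger(128, new SecureRandom()),   // unpredictable serial number
                new Date(now), new Date(now + validDays * 86_400_000L),
                csr.getSubject(), csr.getSubjectPublicKeyInfo());
        // Extensions are set by CA policy here; none are copied from the request.
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        // Assumes an RSA CA key; pick the signature algorithm to match the key type.
        return new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder("SHA256withRSA").build(caKey)));
    }
}
```

The subject name in the request is still attacker-controlled input, so a real CA should validate or override `csr.getSubject()` against its own records before issuing.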
Source: https://stackoverflow.com/questions/18077767/how-to-sign-x509-certificate-requests-by-using-java-api