Question
I am using the following code to generate a root CA:
    // Builds a self-signed X.509 v1 certificate (no extensions), valid for 24 hours.
    public static X509Certificate buildRootCert(KeyPair keyPair)
            throws Exception {
        X509v1CertificateBuilder certBldr = new JcaX509v1CertificateBuilder(
                new X500Name("CN=Root"),                                  // issuer
                BigInteger.valueOf(1),                                    // serial number
                new Date(System.currentTimeMillis()),                     // notBefore
                new Date(System.currentTimeMillis() + 1000 * 3600 * 24),  // notAfter
                new X500Name("CN=Root"), keyPair.getPublic());            // subject, public key
        // Sign with the key pair's own private key (self-signed).
        ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
                .setProvider("BC").build(keyPair.getPrivate());
        return new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certBldr.build(signer));
    }
After that I need 2 more steps to have the CA cert:
- Print the base64 code of the cert with PEMWriter
- Copy the output to the root.crt file.
Windows recognizes it as a CA certificate and shows the warning ...this certificate is not trusted..., but when I try to install this cert on Android it shows
The package contains: one user certificate
Installation proceeds, but the cert is not present in the user trusted list.
Is this the correct way to generate a self-signed CA?
Answer 1:
I have added basic constraints and it started to recognize it as a CA.
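
One way to apply the fix described in this answer, as an added example that is not code from the original question or answer: X.509 v1 certificates cannot carry extensions, so the v3 builder is used and a critical basicConstraints extension with cA=TRUE is added. The class name RootCaExample, the keyUsage extension, SHA256withRSA and the 2048-bit RSA key are choices of this example.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class RootCaExample {  // hypothetical class name for this example
    public static X509Certificate buildRootCert(KeyPair keyPair) throws Exception {
        X500Name name = new X500Name("CN=Root");  // issuer == subject (self-signed)
        long now = System.currentTimeMillis();
        X509v3CertificateBuilder certBldr = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(1),
                new Date(now), new Date(now + 24L * 3600 * 1000),
                name, keyPair.getPublic());
        // basicConstraints, critical, cA=TRUE: marks the certificate as a CA.
        certBldr.addExtension(Extension.basicConstraints, true,
                new BasicConstraints(true));
        // keyUsage restricted to signing certificates and CRLs (assumption of this example).
        certBldr.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider("BC").build(keyPair.getPrivate());
        return new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate(certBldr.build(signer));
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        X509Certificate cert = buildRootCert(kpg.generateKeyPair());
        cert.verify(cert.getPublicKey());  // throws if the self-signature is invalid
        // getBasicConstraints() returns -1 when the certificate is not a CA.
        if (cert.getVersion() != 3 || cert.getBasicConstraints() < 0) {
            throw new IllegalStateException("certificate is not marked as a CA");
        }
        System.out.println("version=" + cert.getVersion() + ", CA=true");
    }
}
```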
Source: https://stackoverflow.com/questions/21021216/ca-x-509-generated-by-bouncy-castle-is-seen-on-android-as-user-certificate