编程语言
首页 > 编程语言> > 如何在Java中生成多域(UCC)证书?

如何在Java中生成多域(UCC)证书?

作者:互联网

目前我正在使用BouncyCastle库生成证书.像这样的东西:

X509V3CertificateGenerator certGenerator = new X509V3CertificateGenerator();
certGenerator.setIssuerDN( rootCertificate.getSubjectX500Principal() );
certGenerator.setSignatureAlgorithm( "SHA1withRSA" );
certGenerator.setSerialNumber( serial );
certGenerator.setNotBefore( notBefore );
certGenerator.setNotAfter( notAfter );
certGenerator.setPublicKey( rootCertificate.getPublicKey() );

Hashtable<DERObjectIdentifier, String> attrs = new Hashtable<DERObjectIdentifier, String>();
Vector<DERObjectIdentifier> order = new Vector<DERObjectIdentifier>();

attrs.put( X509Principal.C, "RU" );
// other attrs.put() calls here

order.addElement( X509Principal.C );
// other order.addElement() calls here

certGenerator.setSubjectDN( new X509Principal( order, attrs ) );
certGenerator.addExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure( rootCertificate ) );
certGenerator.addExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure( newKeyPair.getPublic() ) );

return certGenerator.generate( rootPrivateKey, "BC" );

我可以将SubjectAltNames字段添加到生成的证书中吗?

解决方法:

要完成此任务,请在certGenerator.generate()调用之前插入以下内容:

ASN1EncodableVector alternativeNames = new ASN1EncodableVector();
for( String domainName : domainNames )
{
  alternativeNames.add( new GeneralName( GeneralName.dNSName, domainName ) );
}
certGenerator.addExtension( X509Extensions.SubjectAlternativeName, false, new GeneralNames( new DERSequence( alternativeNames ) ) );

(由Double-V提供的答案).

标签:java,ssl-certificate,bouncycastle,multiple-domains
来源: https://codeday.me/bug/20190521/1147937.html