How to generate CSR (certificate signing request) in PKCS#10 format

Hi,
First, I am a novice in security issues.
Problem:
I know how to generate a CSR in PKCS#10 format with keytool. However, I need to implement this functionality in my application. Unfortunately, I can't find any docs describing this issue.
Does anybody know about some API where I just pass data and it will generate a CSR for me?
Many Thanks,
Miso

Hi again,
After a long research I am finally able to generate PKCS#10 cert. request files:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import sun.security.pkcs.PKCS10;
import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;

public static void generatePKCS10() throws Exception {
        // generate PKCS10 certificate request
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        String sigAlg = "MD5WithRSA";
        // generate private key - use java.security.SecureRandom for entropy
        keyGen.initialize(1024, new SecureRandom());
        KeyPair keypair = keyGen.generateKeyPair();
        PublicKey publicKey = keypair.getPublic();
        PrivateKey privateKey = keypair.getPrivate();
        PKCS10 pkcs10 = new PKCS10(publicKey);
        Signature signature = Signature.getInstance(sigAlg);
        signature.initSign(privateKey);
        // common, orgUnit, org, locality, state, country
        X500Name x500Name = new X500Name(
                  "CName",               // CN
                  "OUnit",               // OU
                  "Organization",        // O
                  "Bratislava",          // L
                  "Slovakia",            // S
                  "SK");                 // C
        // sign the request with the private key (proof of possession)
        pkcs10.encodeAndSign(new X500Signer(signature, x500Name));
        // PKCS10 request generated
        pkcs10.print(System.out);
}
Problem 1:
However, this generates only a request with X500 subject's name ("CN, OU, O, ..."). But I also want to specify other things like "Key Usage" (example: "Digital Signature, Key Encipherment, etc.") or "Generic IA5 String" (example: "Only for test purposes."). How to do that?
Problem 2:
I'm also having trouble finding javadoc for the "sun.security" package. As you can see, I'm using the "sun.security.pkcs.PKCS10" class for generating a CSR in PKCS10 format, but can't find any javadoc for it.
Many thanks,
Miso
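
One way to address Problem 1 above, as an added example that is not part of the original post: it uses the third-party Bouncy Castle library (bcprov and bcpkix on the classpath, an assumption; the post itself uses sun.security.*) to carry a Key Usage extension in the PKCS#9 extensionRequest attribute of the CSR. The class name is hypothetical, and RSA 2048 with SHA256withRSA stands in for the post's 1024-bit key and MD5WithRSA, since MD5 is collision-broken and 1024-bit RSA is below current minimum key sizes.

```java
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

// Added example (hypothetical class name); requires Bouncy Castle, not sun.security.*.
public class CsrWithKeyUsage {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048);
        KeyPair keyPair = keyGen.generateKeyPair();

        // Same subject fields as in the post (sample values).
        X500Name subject = new X500Name(
                "CN=CName, OU=OUnit, O=Organization, L=Bratislava, ST=Slovakia, C=SK");

        // Requested extensions travel in the PKCS#9 extensionRequest attribute.
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        JcaPKCS10CertificationRequestBuilder builder =
                new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                extGen.generate());
        ContentSigner signer =
                new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
        PKCS10CertificationRequest csr = builder.build(signer);
        // Check the self-signature (proof of possession) before sending the CSR.
        if (!csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(keyPair.getPublic()))) {
            throw new IllegalStateException("CSR signature does not verify");
        }

        StringWriter pem = new StringWriter();
        try (JcaPEMWriter writer = new JcaPEMWriter(pem)) {
            writer.writeObject(csr);  // emits -----BEGIN CERTIFICATE REQUEST-----
        }
        System.out.print(pem);
    }
}
```

The CA decides which requested extensions it honours, so the issued certificate should be inspected rather than assumed to match the request.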

Similar Messages

  • Generate a Certificate Signing Request

    Hey guys, I'm new to the Safari developer program and I'm having problems with the Generate a Certificate Signing Request step on my PC. It worked fine on my Mac but not on my Windows 7 PC. I follow the steps, saving the file, then opening "CMD.exe" and typing in the request and replacing "" with the path of the file saved in step one, but once I hit enter it gives me a

    Requires a Mac and your keychain.

  • How to create a certificate signing request that works with Microsoft CA

    Hi, I have created a certificate signing request file with keytool. When I try to create a certificate from it with CertReq (I use a Microsoft CA) I get the following error message:
    Certificate not issued (Denied) Denied by Policy Module The request does not contain a certificate template extension or the CertificateTemplate request attribute. (The request contains no certificate template information. 0x80094801 (-214687 5391)) Certificate Request Processor: The request contains no certificate template information. 0x80094801 (-2146875391) Denied by Policy Module The request does not contain a certificate template extension or the CertificateTemplate request attribute.
    How do I create a certificate signing request file so that a Microsoft CA will accept it and create a certificate from it. Thanks, Linh.

    I'm writing an application about X.509 to deal with certificates and certificate requests.
    I found that the DER format certificate request created by Sun's software has no extensions.
    I think this causes your error. Maybe the MS CA can't identify such a request! So it's difficult to solve this problem unless MS or Sun change their code.
    JStranger

  • How do I generate a Certificate Signing Request (CSR)?

    If I buy an SSL in godaddy, how do I generate the CSR? If my site is hosted in BC, who is the web server? I've had a few sites search for the name of the web server and it comes up as unknown every time.

    Hi
    You can not host your own SSL certificate on Business Catalyst at this stage.
    When you upgrade your site with an online store and shopping cart, you don't need to worry about purchasing a SSL certificate. In fact, this system does not support SSL certificates from third-party vendors because each SSL certificate is set to a single server, and the hosting servers for the live site are built in large clusters; purchasing a certificate for every server would be cost prohibitive.
    When a customer purchases items from you, the system utilizes the secure URL that is included with every site to ensure that the customer's credit card number and other personal information entered on a live site are protected using Secure Sockets Layer (SSL) technology.
    More Details :
    http://forums.adobe.com/thread/984496
    http://kb.worldsecuresystems.com/kb/secure-urls.html
    If you need an update or more in-depth information regarding the same, please get in touch with the BC support team and they will help you out.
    Thanks,
    Sanjit

  • Generating a certificate signing request

    This question was posted in response to the following article: http://help.adobe.com/en_US/as3/iphone/WS144092a96ffef7cc-371badff126abc17b1f-8000.html

    Having a problem in Windows 7 with:
        unable to write 'random state'...
    try typing and executing this in the cmd window:
        set RANDFILE=.rnd
    Fixed it for me

  • Generating Certificate signing request (CSR)

    Hello,
    We need to buy https digital certificate for our LIVE Enterprise Portal
    (http://<host>:<port>/irj/portal) which would be hosted on the
    Internet.
    Please let me know how to generate a certificate signing request (CSR)
    for the same.
    Thanks & Regards,
    Ratish

    Hi rathish,
    Have a look at this [Blog|http://www.sdn.sap.com/irj/scn/weblogs;jsessionid=(J2EE3417100)ID1193319850DB11798871903065480805End?blog=/pub/wlg/2586]. It might help you.
    Regards,
    Krishna kattu.

  • Certificate Signing request on Wireless LAN controller

    Does anyone know how to generate a Certificate Signing Request on 5508 controllers running 7.0.116??

    It can't be done on the WLC itself; you need to have OpenSSL on a separate device. Check the following link for a walkthrough:
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
    Steve

  • Certificate Signing Request file (CSR) with PIX

    Hi everybody
    Does anyone know how to create a Certificate Signing Request from a PIX 515? I want to make a VPN tunnel between 2 PIX with certificates, and the Onsite Verisign asks me for a CSR file which must contain the public key and the name in an encrypted form.
    Thanks for your help

    Check out http://www.esign.com.au/custsupport/server/certsignreq/

  • Certificate signing request with subject alternative names?

    Has anyone been successful at generating a certificate signing request for a certificate that uses subject alternative names via the Server Manager GUI? It seems to skip the entire X509 section of the CSR for me.
    Command line via openssl works but I'd like to stick with the GUI for the encryption on the certificates.

    I just checked the documentation and found that your code is incorrect. IAlternativeName::StrValue contains value for an email address, a Domain Name System (DNS) name, a URL, a registered object identifier (OID), or a user principal name (UPN). It doesn't contain string value for directory name (and other non-mentioned types). Instead, you need to instantiate an IX500DistinguishedName interface and initialize it from an alternative name value:

    using System;
    using CERTENROLLLib; // COM interop for the CertEnroll type library

    class Program {
        static void Main(string[] args) {
            String RequestString = "Base64-encoded request";
            CX509CertificateRequestPkcs10 request = new CX509CertificateRequestPkcs10();
            request.InitializeDecode(RequestString, EncodingType.XCN_CRYPT_STRING_BASE64_ANY);
            Console.WriteLine("Subject: {0}", request.Subject.Name);
            foreach (IX509Extension ext in request.X509Extensions) {
                // only the Subject Alternative Name extension is of interest
                if (ext.ObjectId.Name == CERTENROLL_OBJECTID.XCN_OID_SUBJECT_ALT_NAME2) {
                    CX509ExtensionAlternativeNames extensionAlternativeNames = new CX509ExtensionAlternativeNames();
                    string rawData = ext.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];
                    extensionAlternativeNames.InitializeDecode(EncodingType.XCN_CRYPT_STRING_BASE64, rawData);
                    foreach (CAlternativeName alternativeName in extensionAlternativeNames.AlternativeNames) {
                        switch (alternativeName.Type) {
                            case AlternativeNameType.XCN_CERT_ALT_NAME_DIRECTORY_NAME:
                                // directory names have no string value; decode the raw DN instead
                                IX500DistinguishedName DN = new CX500DistinguishedName();
                                DN.Decode(alternativeName.RawData[EncodingType.XCN_CRYPT_STRING_BASE64]);
                                Console.WriteLine("SAN: {0}", DN.Name);
                                break;
                            default:
                                Console.WriteLine("SAN: {0}", alternativeName.strValue);
                                break;
                        }
                    }
                }
            }
        }
    }

    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • Certificate Signing Request never arrives

    I have created a CA using Certificate Assistant and have managed to create two certificates for myself locally and get Mail to recognise the keys and certificates for those email accounts. Everything works as expected.
    However, when I send a CSR (Certificate Signing Request) from Certificate Assistant on another computer, nothing ever shows up in my inbox for me to sign.
    What happened to the CSR? I'm pretty sure it left because I locked the keychain with my email password on first and Certificate Assistant asked me to unlock it, presumably to send the message as there's nothing else on that keychain (I've been trying to debug this for a couple of hours now). Regular email sent from the second computer arrives almost instantaneously at the first.
    Any ideas / similar experiences?

    Tried the same thing, same issue. There is not even anything about sending mail in the logs. I wonder ... is this actually implemented?
    Apple help!

  • Certificate Signing Request CSR

    Hi All,
    Does anyone know how to generate a Certificate Signing Request (CSR) from Oracle OC4J Application Server?
    I'm using this command
    "keytool -genkey -keyalg RSA -keystore.jks -storepass 123456"
    Then I just completed the details before I got this error
    "keytool error: java.lang.IllegalStateException: masked envelope"
    Am I doing the correct things or not?
    TQ For your help.

    Sorry, it's my fault actually, because I ran it in the wrong directory. I ran it in the ORACLE_HOME directory; it should be in the ORACLE_HOME/j2ee directory...
    But if you use Oracle Wallet Manager, it's easier...

  • How to sign a certificate signing request

    Hi all,
    In the PKI process, a client generates a PKCS#10 [certificate signing request|http://en.wikipedia.org/wiki/Certificate_signing_request] (CSR see [sun.security.pkcs.PKCS10|http://www.docjar.com/docs/api/sun/security/pkcs/PKCS10.html] ), sends it to the certification authority (CA), & once the identity has been checked by the CA, the client retrieves his X.509 certificate (signed by the CA), sometimes along with the CA X.509 self-signed certificate.
    I am acting as a CA, the current only way I know to transform a CSR to a X.509 certificate is by using OpenSSL :
    openssl ca -config X509CA/openssl.cnf -days 365 -in CertName_csr.pem -out CertName.pem (see here ).
    Is there any keytool way or even better any sun.security.* way to do that operation programmatically using Java code ?
    Thanks for your feedback.

    That's right, found the doc here : [keytool -gencert|http://download.java.net/jdk7/docs/technotes/tools/windows/keytool.html#gencertCmd] .
    I guess the underlying code must be found under sun.security.* or com.sun.* code. I'll try to have a look.
    Thanks for your feedback.

  • Generation of 1024 bits key certificate signing request-sun one app srvr 7

    Kindly help to generate a 1024-bit key certificate signing request in Sun ONE Application Server 7. The problem I face is that during CSR generation the key length is 512, as this is the default value. Now I would like to change this default value and generate a key with length 1024. Kindly help me.
    Thanks in advance
    Vishnu Priyan

    OK, post a new Topic, title it Need help with self-signed certificate
    Before you post, search the forums for the problem. Do the footwork.
    Then, take your time, post exactly which of these steps you have taken, what the results were, and exactly where you are having problems, what the exact problem is (error message, whatever).
    You are going to have much better response if someone can easily figure out what the problem you are having is. If you look at this thread, you will see "I have tried these 10 steps and they don't work". You are going to get nowhere with that.
    I have to sleep now, good luck.

  • Submit Certificate Signing Request - INVALID?

    Okay, I'm at the stage of the Flash-to-iOS process of submitting my Certificate Signing Request (CSR) thru the "Developing Provision Assistant" ("Wizard") in the Provisioning Portal of the Apple iOS developer site.  I've followed the instructions, made the CSR, yet when an attempt is made to upload and process it, I get this error:
    "The Certificate file selected is invalid. Please check the file and try again."
    What might be wrong?

    I've reviewed the file, and it looks fine to me. The file name is:
    thenamechosen1.certSigningRequest
    and has this general content (the key identity here, of course, is fake and not included from my actual CSR file):
    -----BEGIN CERTIFICATE REQUEST-----
    -----END CERTIFICATE REQUEST-----

  • How to generate csr for third party code signing cert?

    I've been reading about code signing, but can't see how to generate a csr to use with a third party CA. Does someone have a tutorial, link, suggestion?

    Hi,
    Here is a document which discusses how to implement code signing using a third-party certificate, for your reference:
    http://download.microsoft.com/download/a/f/7/af7777e5-7dcd-4800-8a0a-b18336565f5b/best_practices.doc
    For further suggestions, it is recommended that you get further support in the MSDN Forum so that you can get the most qualified pool of respondents.
    http://social.msdn.microsoft.com/forums/en-US/categories/
    Thanks
    Tiger Li 
