What is the best way to create a certificate signing request using the AndroidKeyStoreProvider?
I read this article https://developer.android.com/training/articles/keystore.html .
It's good to generate a key pair. However, it does not talk about how to create a certificate signing request base for generation keys.
From my research, to generate CSRs in java, samples from the internet usually use the sun.*
BouncyCastle package or library. It looks like there is no way to generate CSR with standard API java.sercurity
. I read this Is it possible to create CSR using java.security without sun packages or external library? ... It seems to be true.
I have no choice but to use BouncyCastle? It's hard to imagine Android developers not considering this use.
By the way, the article also mentions that:
Generating a new PrivateKey requires that you also
specify the initial X.509 attributes that the self-signed certificate
will have. You can replace the certificate at a later time with a certificate
signed by a Certificate Authority
Suppose I finally got a certificate signed by a CA. What exactly should I do to "replace the certificate later"?
source to share
As far as generating a CSR (Certificate Sign Request) on an Android phone, I think it's pretty easy to use Spongycastle . This is the android port of Bouncycastle.
Let's say I finally got a certificate signed by a CA. What should I do to "replace the certificate later"?
Once you have the actual signed certificate that you need to get from a certification authority (CA), you no longer need your CSR; you should just save the signed certificate on your phone. Where to save them - I think you can get help here .
source to share