How can I create a CA root certificate with Bouncy Castle?

I need to create an X509 certificate with Bouncy Castle that serves as a CA certificate. The certificate will be manually added to the list of trusted CAs in web browsers. It will be used to sign server certificates.

How should I do it? Apart from the usual certificate attributes, there are some additional things that need to be included (the critical attribute says it is CA, ...).

It should work in at least the most important browsers (of course, only those that allow configuring root CAs).

+3


1 answer


I did this:



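import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class CaCert {
    public static void main(String[] args) throws Exception {
        // Generate the CA's 4096-bit RSA key pair
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(4096);
        KeyPair kp = rsa.generateKeyPair();

        // Certificate is valid from now until one year from now
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.YEAR, 1);

        // Convert the JCA public key into Bouncy Castle's SubjectPublicKeyInfo
        byte[] pk = kp.getPublic().getEncoded();
        SubjectPublicKeyInfo bcPk = SubjectPublicKeyInfo.getInstance(pk);

        // Self-signed X.509 v1 certificate: issuer and subject are the same name
        X509v1CertificateBuilder certGen = new X509v1CertificateBuilder(
                new X500Name("CN=CA Cert"),
                BigInteger.ONE,
                new Date(),
                cal.getTime(),
                new X500Name("CN=CA Cert"),
                bcPk
        );

        // Sign with the CA's own private key
        X509CertificateHolder certHolder = certGen
                .build(new JcaContentSignerBuilder("SHA1withRSA").build(kp.getPrivate()));

        // java.util.Base64 replaces the JDK-internal sun.misc.BASE64Encoder and
        // X509Factory constants, which are not available on current JDKs
        Base64.Encoder encoder = Base64.getMimeEncoder(64, new byte[] {'\n'});

        System.out.println("CA CERT");
        System.out.println("-----BEGIN CERTIFICATE-----");
        System.out.println(encoder.encodeToString(certHolder.getEncoded()));
        System.out.println("-----END CERTIFICATE-----");

        System.exit(0);
    }
}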

+1

