How do I get the PKCS#10 information for my new Windows/Apache web server

Posted on 2005-05-10
Last Modified: 2012-05-05
How do I get the PKCS#10 information for my new Windows/Apache web server so I can request certs? I have a Win2000 server and Apache 2.0 installed. I need to gather PKCS#10 info so that I can request my server certificate. How do I do this?
Question by: warrenrsmk

Accepted Solution by: rama_krishna580
Hi,

Sorted.  For reference, here's how it's done...

1) I downloaded the signed BC provider jar file from bouncycastle.org (bcprov-jdk14-118.jar).  Installed it
into $JAVA_HOME/jre/lib/ext and added it to my list of JCE providers:

   edit $JAVA_HOME/jre/lib/security/java.security and added the following line:
      security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

2) Using keytool, I generated a certificate and self-signed it:

      keytool -genkey -alias cacert -keystore ca.jks
      keytool -selfcert -alias cacert -keystore ca.jks

3) I generated a test CSR using OpenSSL:

      openssl req -new -nodes -out csr.pem

    The PKCS10CertificationRequest constructor doesn't like "----BEGIN CERTIFICATE ...." type headers
    so I deleted them from the csr.pem file.  Also you have to delete all the newlines in the Base64 block
    because the constructor doesn't like these either.

4) Used the following code to sign and output my certificate.  Note that OpenSSL expects the Base64 block
to be lines of 64 chars each, so some tweaking will be required to read the certificate externally.

Hope this is useful to somebody.

import java.io.*;
import java.math.BigInteger;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.util.encoders.Base64;

public class BCTest {

   public static void main(String arg[]) {

      byte[] req = null;

      // Read the Base64 body of the CSR (armour lines and newlines already stripped, see step 3)
      System.out.println("Reading certificate request ...");
      try {
         File f = new File("csr.pem");
         DataInputStream dis = new DataInputStream(new FileInputStream(f));
         req = new byte[(int)f.length()];
         dis.readFully(req);   // a single read() may return before the buffer is full
         dis.close();
      } catch(Exception e) { System.out.println(e); return; }

      // Create PKCS#10 object
      byte[] der = Base64.decode(req);
      PKCS10CertificationRequest pkcr = new PKCS10CertificationRequest(der);
      CertificationRequestInfo cri = pkcr.getCertificationRequestInfo();

      // Check the requester's self-signature on the CSR (proof that they hold the
      // matching private key) before issuing anything for that public key
      try {
         if (!pkcr.verify()) {
            System.out.println("CSR signature does not verify, refusing to sign");
            return;
         }
      } catch(Exception e) { System.out.println(e); return; }

      System.out.println("CSR subject is ...");
      System.out.println(cri.getSubject().toString());
      System.out.println();

      // Read CA cert and private key from KeyStore
      System.out.println("Reading CA certificate ...");
      KeyStore ks = null;
      PrivateKey caPrivKey = null;
      X509Certificate caCert = null;
      try {
         ks = KeyStore.getInstance("JKS");
         File f = new File("ca.jks");
         FileInputStream fis = new FileInputStream(f);
         ks.load(fis, "pass123".toCharArray());
         fis.close();
         caPrivKey = (PrivateKey)ks.getKey("cacert", "pass123".toCharArray());
         caCert = (X509Certificate)ks.getCertificate("cacert");
      } catch(Exception e) { System.out.println(e); return; }

      // Sign the certificate
      System.out.println("Signing certificate ...");
      X509Certificate genCert = null;
      try {
         X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
         v3CertGen.reset();
         v3CertGen.setSubjectDN(cri.getSubject());
         v3CertGen.setPublicKey(pkcr.getPublicKey());
         v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
         v3CertGen.setSignatureAlgorithm(caCert.getSigAlgName());
         // The issuer of the new cert is the CA's own subject DN. Using caCert.getIssuerDN()
         // only works here because the CA cert from step 2 is self-signed.
         v3CertGen.setIssuerDN(new X509Name(caCert.getSubjectDN().getName()));
         // Certificate valid from today ...
         v3CertGen.setNotBefore(new java.util.Date(System.currentTimeMillis()));
         // ... until one year from today
         v3CertGen.setNotAfter(new java.util.Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365)));

         genCert = v3CertGen.generateX509Certificate(caPrivKey);
      } catch(Exception e) { System.out.println(e); return; }

      // Output signed certificate in PEM format (Base64 body on one line, see note in step 4)
      System.out.println(genCert.toString());
      System.out.println("-----BEGIN CERTIFICATE-----");
      try {
         System.out.println(new String(Base64.encode(genCert.getEncoded())));
      } catch(Exception e) { System.out.println(e); }
      System.out.println("-----END CERTIFICATE-----");

   }

}

R.K
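The hand edits described in steps 3 and 4 (stripping the PEM armour and newlines before handing the bytes to the PKCS10CertificationRequest constructor, and re-wrapping Base64 to 64-column lines for OpenSSL), as an added Python example that is not part of the original answer. It also checks the outer DER length of the decoded blob, so a truncated or padded file is rejected before any signing code sees it. The DER bytes and PEM text below are constructed stand-ins with the same outer envelope as a CSR, not a real request.

```python
import base64

# Constructed stand-in for a PKCS#10 blob: DER SEQUENCE { INTEGER 0, OCTET STRING "csr" }.
# Same outer envelope as a real CSR, but not a valid request.
SAMPLE_DER = bytes([0x30, 0x08, 0x02, 0x01, 0x00, 0x04, 0x03]) + b"csr"
# The same bytes as OpenSSL would write them: armour lines plus 64-column Base64.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\n"
              "MAgCAQAEA2Nzcg==\n"
              "-----END CERTIFICATE REQUEST-----\n")


def der_length(der: bytes) -> tuple:
    """Parse the outer SEQUENCE header; return (header_len, declared_body_len)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return 2, first
    n = first & 0x7F                       # long form: n big-endian length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    body = int.from_bytes(der[2:2 + n], "big")
    if der[2] == 0 or (n == 1 and body < 0x80):   # DER requires the minimal form
        raise ValueError("non-minimal DER length")
    return 2 + n, body


def envelope_ok(der: bytes) -> bool:
    """True only if the declared length exactly fills the buffer (no truncation, no trailing bytes)."""
    try:
        hdr, body = der_length(der)
    except ValueError:
        return False
    return hdr + body == len(der)


def pem_to_der(pem: str) -> bytes:
    """Drop the -----BEGIN/END----- lines and every newline (the hand edit in step 3), then decode strictly."""
    lines = [ln.strip() for ln in pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    der = base64.b64decode(body, validate=True)   # rejects non-Base64 characters
    if not envelope_ok(der):
        raise ValueError("DER length does not match the decoded data")
    return der


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Base64 the DER and wrap at 64 columns, the layout OpenSSL expects (the note in step 4)."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(rows) + f"\n-----END {label}-----\n"
```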