How do I get the PKCS#10 information for my new windows/apache web server

How do I get the PKCS#10 information for my new Windows/Apache web server so I can request certs? I have a Win2000 server with Apache 2.0 installed. I need to gather the PKCS#10 info so that I can request my server certificate. How do I do this?
warrenrsmkAsked:
rama_krishna580Commented:
Hi,

Sorted.  For reference, here's how it's done...

1) I downloaded the signed BC provider jar file from bouncycastle.org (bcprov-jdk14-118.jar).  Installed it
into $JAVA_HOME/jre/lib/ext and added it to my list of JCE providers:

   edit $JAVA_HOME/jre/lib/security/java.security and added the following line:
      security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

2) Using keytool, I generated a certificate and self-signed it:

      keytool -genkey -alias cacert -keystore ca.jks
      keytool -selfcert -alias cacert -keystore ca.jks

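3) I generated a test CSR using OpenSSL (the -nodes option leaves the newly generated private key unencrypted on disk, so keep that key file protected)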

      openssl req -new -nodes -out csr.pem

    The PKCS10CertificationRequest constructor doesn't like "----BEGIN CERTIFICATE ...." type headers
    so I deleted them from the csr.pem file.  Also you have to delete all the newlines in the Base64 block
    because the constructor doesn't like these either.

4) Used the following code to sign the request and output my certificate.  Note that OpenSSL expects the Base64 block
to be lines of 64 chars each, so some tweaking will be required to read the certificate externally.

Hope this is useful to somebody.

import java.io.*;
import java.math.BigInteger;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import org.bouncycastle.asn1.*;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.util.encoders.Base64;

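/**
 * Demo certificate signer: reads a Base64-encoded PKCS#10 request from
 * csr.pem (PEM header/footer lines and newlines already removed), signs it
 * with the key stored under alias "cacert" in ca.jks, and prints the
 * resulting X.509 certificate.
 *
 * The subject DN and public key are copied from the request as-is and no
 * extensions are added, so this is a test harness rather than a CA policy:
 * a production issuer would check the requested subject against what the
 * requester is entitled to and set extensions such as basicConstraints and
 * keyUsage explicitly.
 */
public class BCTest {

   /**
    * Entry point. Any failure stops the run with exit status 1 instead of
    * continuing with half-initialised state (a failed read used to surface
    * later as a NullPointerException, hiding the real cause).
    */
   public static void main(String arg[]) {
      try {
         run();
      } catch (Exception e) {
         System.err.println(e);
         System.exit(1);
      }
   }

   /** Performs the read / verify / sign / print sequence. */
   private static void run() throws Exception {

      // Read the Base64-encoded certificate request (CSR)
      System.out.println("Reading certificate ...");
      byte[] req = readFile("csr.pem");

      // Create PKCS#10 object
      byte[] der = Base64.decode(req);
      PKCS10CertificationRequest pkcr = new PKCS10CertificationRequest(der);

      // Proof of possession: the request must be signed by the private key
      // matching the public key it carries. Without this check the signer
      // would bind any subject name to any public key placed in the file.
      if (!pkcr.verify()) {
         throw new java.security.SignatureException(
               "CSR signature does not verify; refusing to sign");
      }
      CertificationRequestInfo cri = pkcr.getCertificationRequestInfo();

      System.out.println("CSR subject is ...");
      System.out.println(cri.getSubject().toString());
      System.out.println();

      // Read CA cert from KeyStore
      System.out.println("Reading CA certificate ...");
      // Demo-only literal: anyone who can read this class or source file can
      // unlock the CA private key. Supply the password at runtime (prompt or
      // protected configuration) for anything beyond a throwaway test CA.
      char[] password = "pass123".toCharArray();
      KeyStore ks = KeyStore.getInstance("JKS");
      FileInputStream fis = new FileInputStream(new File("ca.jks"));
      try {
         ks.load(fis, password);
      } finally {
         fis.close();
      }
      PrivateKey caPrivKey = (PrivateKey)ks.getKey("cacert", password);
      X509Certificate caCert = (X509Certificate)ks.getCertificate("cacert");
      if (caPrivKey == null || caCert == null) {
         throw new IllegalStateException("alias cacert not found in ca.jks");
      }

      // Sign the certificate
      System.out.println("Signing certificate ...");
      X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
      v3CertGen.reset();
      v3CertGen.setSubjectDN(cri.getSubject());
      v3CertGen.setPublicKey(pkcr.getPublicKey());
      // Random serial: a clock-derived value is guessable and two
      // certificates issued in the same millisecond would share it.
      // Adding one keeps the serial strictly positive.
      v3CertGen.setSerialNumber(
            new BigInteger(64, new java.security.SecureRandom()).add(BigInteger.ONE));
      // The new certificate reuses the algorithm the CA certificate itself
      // was signed with. NOTE(review): keystores created by old keytool
      // versions may report an MD5- or SHA-1-based algorithm here; confirm
      // and regenerate the CA with a stronger one if so.
      v3CertGen.setSignatureAlgorithm(caCert.getSigAlgName());
      // The issuer of the new certificate is the CA's *subject*. The original
      // used the CA's issuer, which only matches for a self-signed CA.
      // NOTE(review): the DN goes through a string round-trip; confirm the
      // encoded issuer still matches the CA subject during chain validation.
      v3CertGen.setIssuerDN(new
      org.bouncycastle.asn1.x509.X509Name((caCert.getSubjectDN().getName())));
      long now = System.currentTimeMillis();
      // Certificate valid from today ...
      v3CertGen.setNotBefore(new java.util.Date(now));
      // ... until one year from today
      v3CertGen.setNotAfter(new java.util.Date(now + (1000L * 60 * 60 * 24 * 365)));

      X509Certificate genCert = v3CertGen.generateX509Certificate(caPrivKey);

      // Output signed certificate: human-readable dump, then Base64 between
      // PEM markers (emitted as one unwrapped line)
      System.out.println(genCert.toString());
      System.out.println("-----BEGIN CERTIFICATE-----");
      System.out.println(new String(Base64.encode(genCert.getEncoded())));
      System.out.println("-----END CERTIFICATE-----");

   }

   /**
    * Reads a whole file into memory. readFully is used because a single
    * InputStream.read call may return fewer bytes than requested, which
    * would leave the tail of the buffer zero-filled.
    */
   private static byte[] readFile(String name) throws IOException {
      File f = new File(name);
      DataInputStream in = new DataInputStream(new FileInputStream(f));
      try {
         byte[] data = new byte[(int)f.length()];
         in.readFully(data);
         return data;
      } finally {
         in.close();
      }
   }

}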

R.K