How do I get the PKCS#10 information for my new windows/apache web server

Posted on 2005-05-10
Last Modified: 2012-05-05
How do I get the PKCS#10 information for my new windows/apache web server so I can request certs? I have a win2000 server and apache 2.0 installed. I need to gather PKCS#10 info so that I can request my server certificate. How do I do this?
Question by:warrenrsmk

    Accepted Solution


    Sorted.  For reference, here's how it's done...

    1) I downloaded the signed BC provider jar file from (bcprov-jdk14-118.jar).  Installed it
    into $JAVA_HOME/jre/lib/ext and added it to my list of JCE providers:

       edit $JAVA_HOME/jre/lib/security/ and added the following line:

    2) Using keytool, I generated a certificate and self-signed it:

          keytool -genkey -alias cacert -keystore ca.jks
          keytool -selfcert -alias cacert -keystore ca.jks

    3) I generated a test CSR using OpenSSL

          openssl req -new -nodes -out csr.pem

        The PKCS10CertificationRequest constructor doesn't like "----BEGIN CERTIFICATE ...." type headers
        so I deleted them from the csr.pem file.  Also you have to delete all the newlines in the Base64 block
        because the constructor doesn't like these either.

    4) Used the following code to sign and output my certificate.  Note that OpenSSL expects the Base64 block
    to be lines of 64 chars each, so some tweaking will be required to read the certificate externally.

    Hope this is useful to somebody.

    import java.io.DataInputStream;
    import java.io.File;
    import java.io.FileInputStream;
    import java.math.BigInteger;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.X509Certificate;

    import org.bouncycastle.asn1.*;
    import org.bouncycastle.jce.PrincipalUtil;
    import org.bouncycastle.jce.X509Principal;
    import org.bouncycastle.jce.X509V3CertificateGenerator;
    import org.bouncycastle.jce.PKCS10CertificationRequest;
    import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
    import org.bouncycastle.util.encoders.Base64;

    public class BCTest {

       // Any failure aborts the run instead of continuing with null keys or certificates
       public static void main(String arg[]) throws Exception {

          // Read the CSR file (Base64 body only: headers and newlines already removed, see step 3)
          System.out.println("Reading certificate ...");
          File f = new File("csr.pem");
          byte[] req = new byte[(int)f.length()];
          DataInputStream dis = new DataInputStream(new FileInputStream(f));
          dis.readFully(req);
          dis.close();

          // Create PKCS#10 object
          byte[] der = Base64.decode(req);
          PKCS10CertificationRequest pkcr = new PKCS10CertificationRequest(der);
          CertificationRequestInfo cri = pkcr.getCertificationRequestInfo();

          System.out.println("CSR subject is " + cri.getSubject());

          // Check the requester's signature on the CSR before signing anything
          if (!pkcr.verify()) {
             throw new SecurityException("CSR signature does not verify");
          }

          // Read CA cert and private key from KeyStore
          System.out.println("Reading CA certificate ...");
          KeyStore ks = KeyStore.getInstance("JKS");
          FileInputStream fis = new FileInputStream(new File("ca.jks"));
          ks.load(fis, "pass123".toCharArray());
          fis.close();
          PrivateKey caPrivKey = (PrivateKey)ks.getKey("cacert", "pass123".toCharArray());
          X509Certificate caCert = (X509Certificate)ks.getCertificate("cacert");

          // Sign the certificate
          System.out.println("Signing certificate ...");
          X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
          // Serial number has to be unique per certificate issued by this CA
          v3CertGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
          // Issuer is the CA's own subject; subject and public key come from the CSR
          X509Principal issuer = PrincipalUtil.getSubjectX509Principal(caCert);
          v3CertGen.setIssuerDN(issuer);
          v3CertGen.setSubjectDN(cri.getSubject());
          v3CertGen.setPublicKey(pkcr.getPublicKey());
          // Certificate valid from today ...
          v3CertGen.setNotBefore(new java.util.Date(System.currentTimeMillis()));
          // ... until one year from today
          v3CertGen.setNotAfter(new java.util.Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365)));
          // Signature algorithm has to match the CA key type (DSA or RSA);
          // prefer a SHA-256 variant where the provider supports it
          v3CertGen.setSignatureAlgorithm("SHA1with" + caPrivKey.getAlgorithm());

          X509Certificate genCert = v3CertGen.generateX509Certificate(caPrivKey);

          // Output signed certificate in PEM format (Base64 on one line, see the note in step 4)
          System.out.println("-----BEGIN CERTIFICATE-----");
          System.out.println(new String(Base64.encode(genCert.getEncoded())));
          System.out.println("-----END CERTIFICATE-----");
       }
    }
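
Added example, not part of the original answer or of Bouncy Castle: steps 3 and 4 above strip the PEM armor by hand and note that OpenSSL expects 64-character Base64 lines, and this helper does both conversions in code. It assumes Java 8 or later (`java.util.Base64` instead of the Bouncy Castle encoder); `PemUtil`, `pemToDer` and `derToPem` are hypothetical names, and the sample bytes are constructed placeholders, not a real CSR.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class PemUtil {

    /** Strip the -----BEGIN/END----- armor and line breaks, then decode the Base64 body to DER. */
    static byte[] pemToDer(String pem) {
        StringBuilder body = new StringBuilder();
        boolean inside = false;
        for (String line : pem.split("\\r?\\n")) {
            line = line.trim();
            if (line.startsWith("-----BEGIN ")) { inside = true; continue; }
            if (line.startsWith("-----END ")) { break; }
            if (inside) body.append(line);
        }
        if (body.length() == 0) {
            throw new IllegalArgumentException("no PEM block found");
        }
        // The basic decoder rejects any character outside the Base64 alphabet,
        // so a damaged or mis-pasted request fails here instead of being signed.
        return Base64.getDecoder().decode(body.toString());
    }

    /** Wrap DER bytes in PEM armor with 64-character Base64 lines. */
    static String derToPem(byte[] der, String label) {
        Base64.Encoder enc =
            Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN " + label + "-----\n"
             + enc.encodeToString(der) + "\n"
             + "-----END " + label + "-----\n";
    }

    public static void main(String[] args) {
        // Constructed placeholder bytes standing in for a DER-encoded CSR
        byte[] der = new byte[100];
        for (int i = 0; i < der.length; i++) {
            der[i] = (byte) i;
        }

        String pem = derToPem(der, "CERTIFICATE REQUEST");
        System.out.print(pem);

        byte[] back = pemToDer(pem);
        System.out.println("round trip ok: " + Arrays.equals(der, back));
    }
}
```

In `BCTest`, `pemToDer` would replace the manual edit of `csr.pem`, and `derToPem(genCert.getEncoded(), "CERTIFICATE")` would replace the three `println` calls at the end.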



