java - 浏览器集成ssl证书

标签 java security ssl x509certificate

我正在创建 ssl 证书。我使用了这段代码。

public static void main(String[] args){
    try{
        //Generate ROOT certificate
        CertAndKeyGen keyGen=new CertAndKeyGen("RSA","SHA1WithRSA",null);
        keyGen.generate(1024);
        PrivateKey rootPrivateKey=keyGen.getPrivateKey();

        X509Certificate rootCertificate = keyGen.getSelfCertificate(new X500Name("CN=PTA"), (long) 365 * 24 * 60 * 60);

        //Generate intermediate certificate
        CertAndKeyGen keyGen1=new CertAndKeyGen("RSA","SHA1WithRSA",null);
        keyGen1.generate(1024);
        PrivateKey middlePrivateKey=keyGen1.getPrivateKey();

        X509Certificate middleCertificate = keyGen1.getSelfCertificate(new X500Name("CN=FastNet"), (long) 365 * 24 * 60 * 60);

        //Generate leaf certificate
        CertAndKeyGen keyGen2=new CertAndKeyGen("RSA","SHA1WithRSA",null);
        keyGen2.generate(1024);
        PrivateKey topPrivateKey=keyGen2.getPrivateKey();

        X509Certificate topCertificate = keyGen2.getSelfCertificate(new X500Name("CN=Neon"), (long) 365 * 24 * 60 * 60);

        rootCertificate   = createSignedCertificate(rootCertificate,rootCertificate,rootPrivateKey);
        middleCertificate = createSignedCertificate(middleCertificate,rootCertificate,rootPrivateKey);
        topCertificate    = createSignedCertificate(topCertificate,middleCertificate,middlePrivateKey);

        X509Certificate[] chain = new X509Certificate[3];
        //chain[0]=topCertificate;
        //chain[1]=middleCertificate;
        //chain[2]=rootCertificate;

        chain[2]=topCertificate;
        chain[1]=middleCertificate;
        chain[0]=rootCertificate;

        System.out.println(Arrays.toString(chain));
    }catch(Exception ex){
        ex.printStackTrace();
    }
}

private static X509Certificate createSignedCertificate(X509Certificate cetrificate,X509Certificate issuerCertificate,PrivateKey issuerPrivateKey){
    try{
        Principal issuer = issuerCertificate.getSubjectDN();
        String issuerSigAlg = issuerCertificate.getSigAlgName();

        byte[] inCertBytes = cetrificate.getTBSCertificate();
        X509CertInfo info = new X509CertInfo(inCertBytes);
        info.set(X509CertInfo.ISSUER, (X500Name) issuer);

        //No need to add the BasicContraint for leaf cert
        if(!cetrificate.getSubjectDN().getName().equals("CN=Neon")){
            CertificateExtensions exts=new CertificateExtensions();
            BasicConstraintsExtension bce = new BasicConstraintsExtension(true, -1);
            exts.set(BasicConstraintsExtension.NAME,new BasicConstraintsExtension(false, bce.getExtensionValue()));
            info.set(X509CertInfo.EXTENSIONS, exts);
        }

        X509CertImpl outCert = new X509CertImpl(info);
        outCert.sign(issuerPrivateKey, issuerSigAlg);

        return outCert;
    }catch(Exception ex){
        ex.printStackTrace();
    }
    return null;
}

我得到这样的输出:

版本:V3 主题:CN=PTA 签名算法:SHA1withRSA,OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 149715605396663388497155581351118592252783057689878885069908245260863565430460802412818367358299876634638359780252229696020802479157890788072833261563832108195747251668671703158252511484715904905685624305474923281348384506398192074853448780012281582290111563345678091608497553821391829971480670544649932159013
  public exponent: 65537
  Validity: From: Tue Nov 21 13:17:50 PKT 2017,
               To: Wed Nov 21 13:17:50 PKT 2018
  Issuer: CN=PTA
  SerialNumber:    337317b9

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:
  CA:true
  PathLen:2147483647



  Algorithm: SHA1withRSA
  Signature:
0000: 1E 78 D7 F7 3A E6 E4 B5   D1 35 1C 2E FC 53 A2 85  .x..:....5...S..
0010: 61 BD F0 5A 72 D9 F7 11   23 75 80 7A 6E B0 E0 23  a..Zr...#u.zn..#
0020: BE E4 5F DE F1 16 A7 F2   B7 21 BA E8 13 CB 5A 1D  .._......!....Z.
0030: A9 E4 45 ED 89 AE 87 1E   41 F4 47 B4 F7 EC C3 BE  ..E.....A.G.....
0040: E0 EA FC 1F C7 23 0C 8F   3A 84 8B 98 83 B4 7E C2  .....#..:.......
0050: 6F 7A 5B AD F4 38 8E 00   10 A0 30 59 1F A3 09 49  oz[..8....0Y...I
0060: 0E 42 D0 82 D9 7F BF AC   4D 93 BC C5 A4 DC 04 54  .B......M......T
0070: 53 96 B8 7F AE BD 6D BD   94 E9 A8 A0 68 43 DB 30  S.....m.....hC.0

, 

  Version: V3
  Subject: CN=FastNet
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 161657090792555516695586185263084527366349509696556183715928445892937137032979680125036388699182414350510579635688759948023466646898520852479701338811401262991832177452096078586456052551108597559503898191394682820545429625150985217333874981200678761714744624590813783219900274086624205553792352169064622425721
  public exponent: 65537
  Validity: From: Tue Nov 21 13:17:50 PKT 2017,
               To: Wed Nov 21 13:17:50 PKT 2018
  Issuer: CN=PTA
  SerialNumber:    38004cdc
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647



  Algorithm: SHA1withRSA
  Signature:
0000: 24 94 B2 08 80 4C 79 5E   66 CC D4 A4 85 CD 28 9F  $....Ly^f.....(.
0010: 1B 80 E8 F9 04 F7 EA F3   78 AB 73 1A 03 59 ED 77  ........x.s..Y.w
0020: A9 C9 2A 7B D1 A8 D5 88   72 00 7F 82 04 8D 34 22  ..*.....r.....4"
0030: 20 E4 1F 4F ED CB 3A 34   CC 2D 85 91 5C 24 DF C5   ..O..:4.-..\$..
0040: 5A BE 08 3E 2E 64 87 E6   28 AA D5 FC 4C F6 FA 03  Z..>.d..(...L...
0050: 96 56 26 E9 CE 1D 7C 60   1B 66 F7 75 39 69 27 76  .V&....`.f.u9i'v
0060: 28 B5 88 8E 51 40 13 5C   94 05 CC 3F 9C 56 4E 27  (...Q@.\...?.VN'
0070: D9 4A 87 FA 0F DE 7F 8C   0A 46 77 3B C0 25 57 8A  .J.......Fw;.%W.

, 

  Version: V3
  Subject: CN=Neon
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus: 101561805201350912995790593526575119513151168158665152335461285366261351789268704157740436057113460399435904858902325860168207278136991174436556015812872375521572209765853124764558849092076972847896755938071801863244158743746567917559665570200348977261495405005075200724506808480138652079420561951562003264931
  public exponent: 65537
  Validity: From: Tue Nov 21 13:17:50 PKT 2017,
               To: Wed Nov 21 13:17:50 PKT 2018
  Issuer: CN=FastNet
  SerialNumber:    5ee7fb6e


  Algorithm: SHA1withRSA
  Signature:
0000: 2D 04 84 DF C6 57 BB 12   0B 34 EF 04 61 15 2E 16  -....W...4..a...
0010: FB 71 F2 4C A0 B5 88 0B   DD CC 10 7D AE C1 AB 54  .q.L...........T
0020: 7A D4 90 D2 DF FD A7 16   E6 AF D4 CF 6F 44 90 7A  z...........oD.z
0030: C6 77 3F 26 30 9B A8 0A   6A 15 17 56 10 FA 64 D0  .w?&0...j..V..d.
0040: 7E F3 39 98 CD 3F D4 03   4C 83 5B 64 73 26 22 B5  ..9..?..L.[ds&".
0050: 0A DB 7B 9A 73 B1 4B 17   45 BF 49 28 F8 2D 01 EA  ....s.K.E.I(.-..
0060: 89 78 8A 90 1A E5 00 96   15 59 B8 C9 3A CA 3F 35  .x.......Y..:.?5
0070: DA D2 EE C1 96 B1 18 F5   ED F2 6A D0 15 8A 61 13  ..........j...a.

我想集成到 chrome 浏览器中。当我将此文本转换为 .cer 或 .crt 时。它给了我错误。

最佳答案

您保存的是证书摘要而不是实际证书。

对于createSignedCertificate生成的每个证书,您需要调用。 getEncoded() 检索证书的 DER 编码字节。

获得字节后,将每个字节数组写入一个名为 root.cer 的文件。

关于java - 浏览器集成ssl证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47408750/

上一篇:ssl - 无法将 Akka-http 10.10 中的 AhcWSClient 配置为 AcceptAnyCertificate

下一篇:azure - 通配符 SSL 映射多个 Azure 应用服务应用程序

相关文章:

java - 高负载下正常GC的jvm配置

php - 如何安全地将 apiKey/客户端密码从 AngularJS 传递到 REST API

c# - 最安全的实时数据传输建议

ssl - - 发现 IOException AMC java.security.cert.CertificateException : No subject alternative DNS name matching api. mitel-amc.com

ssl - Facebook 连接 ssl 问题

c# - HTTPS 远程发布?

java - swagger2 多态性 : add list of abstract classes to swagger documentation

java - 用户输入的总分、平均分、最低分和最高分(条件控制结构)

java - 如何获取数组列表中的 HashMap 的克隆

java - 在java中将字符串转换为java.Security.Publickey

©2024 IT工具网  联系我们