views:

907

answers:

3

Is it possible to sanely create an X509 Certificate in Java code without using the Bouncy Castle X509V*CertificateGenerator classes?

+1  A: 
erickson
+1  A: 

All the basic components to make a self-signed certificate (signing, X509 encoding etc) are available in JRE. Unlike BC, Sun's JCE doesn't provide any public calls to sign a certificate. However, all the functions are available in Keytool. You can simply copy the code from keytool to do this. The method you need to copy is doSelfCert().

ZZ Coder
+1  A: 

Depends on what exactly you want to do (and probably your definition of "Sanely"). As ZZ Coder pointed out, you can create a self-signed certificate directly by copying keytool. But I don't believe you can create a PKCS10 certificate request object with the standard JCE, which you probably need to do if you want to create standard CA-signed EECs.

Von