Hello experts,
I need to get serial number of x509 certificate. The result of usage "certificate.getSerialNumber()" differs from the expected. As I see X509 certificate file specs, it should go in following format:
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version shall be v3
}
And I couldn't find in the begining of the file the value that is provided by certificate.getSerialNumber() method.
And related question: When trying to display the serial with openssl it takes right value from file but adds '3' after each number.
So my question is: How can I get the stored serial value? And where to read why and how openssl and java modifies this data.
OPENSSL
Run with:
openssl x509 -serial -noout -inform DER -in mycert.cer
Result:
serial=3030303031303030303030313030373439323639
JAVA
Code:
InputStream in = new FileInputStream("mycert.cer");
BouncyCastleProvider provider = new BouncyCastleProvider();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", provider);
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(in);
BigInteger serialNum = certificate.getSerialNumber();
System.out.println(serialNum);
Output:
275106190557734483187066766755592068430195471929
FILE
And viewing the file, I see:
0...0..r.......000010000001007492690
. *.H..
..
which seems to be the serial, provided by openssl but openssl mix it with '3'(after each number).