Is it possible to sanely create an X509 Certificate in Java code without using the Bouncy Castle X509V*CertificateGenerator classes?
+1
A:
All the basic components to make a self-signed certificate (signing, X509 encoding etc) are available in JRE. Unlike BC, Sun's JCE doesn't provide any public calls to sign a certificate. However, all the functions are available in Keytool. You can simply copy the code from keytool to do this. The method you need to copy is doSelfCert().
ZZ Coder
2009-10-23 22:05:30
+1
A:
Depends on what exactly you want to do (and probably your definition of "Sanely"). As ZZ Coder pointed out, you can create a self-signed certificate directly by copying keytool. But I don't believe you can create a PKCS10 certificate request object with the standard JCE, which you probably need to do if you want to create standard CA-signed EECs.
Von
2010-01-10 16:43:07