Java 颁发的证书不显示颁发者详细信息
在我的应用程序中,我正在创建一个证书,并使用自签名CA进行签名。从代码中,我可以看到所有详细信息,如颁发者详细信息、有效性。 但是,在windows证书资源管理器的“证书路径”选项卡下查看颁发者时,颁发的证书不会显示颁发者详细信息。我做错了什么 提前谢谢Java 颁发的证书不显示颁发者详细信息,java,security,ssl,x509certificate,bouncycastle,Java,Security,Ssl,X509certificate,Bouncycastle,在我的应用程序中,我正在创建一个证书,并使用自签名CA进行签名。从代码中,我可以看到所有详细信息,如颁发者详细信息、有效性。 但是,在windows证书资源管理器的“证书路径”选项卡下查看颁发者时,颁发的证书不会显示颁发者详细信息。我做错了什么 提前谢谢 public void issueCertificate(KeyPair keypair, String cn, int days, KeyPurposeId purposeId) throws Exception {
public void issueCertificate(KeyPair keypair, String cn, int days,
KeyPurposeId purposeId) throws Exception {
if (keypair != null) {
this.issuedKeyPair = keypair;
} else {
this.issuedKeyPair = generateRSAKeyPair();
}
PKCS10CertificationRequest request = generateCSR(issuedKeyPair, cn);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(caCertificate.getSubjectX500Principal());
certGen.setNotBefore(new Date(System.currentTimeMillis()));
certGen.setNotAfter(new Date(System.currentTimeMillis()
+ (1000L * 60 * 60 * 24 * days)));
certGen.setSubjectDN(request.getCertificationRequestInfo().getSubject());
certGen.setPublicKey(request.getPublicKey("BC"));
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifierStructure(caCertificate));
certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(request.getPublicKey("BC")));
certGen.addExtension(X509Extensions.BasicConstraints, true,
new BasicConstraints(false));
certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
certGen.addExtension(X509Extensions.ExtendedKeyUsage, true,
new ExtendedKeyUsage(purposeId));
ASN1Set attributes = request.getCertificationRequestInfo()
.getAttributes();
if (attributes != null) {
for (int i = 0; i != attributes.size(); i++) {
org.bouncycastle.asn1.pkcs.Attribute attr = org.bouncycastle.asn1.pkcs.Attribute
.getInstance(attributes.getObjectAt(i));
if (attr.getAttrType().equals(
PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
X509Extensions extensions = X509Extensions.getInstance(attr
.getAttrValues().getObjectAt(0));
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e
.nextElement();
X509Extension ext = extensions.getExtension(oid);
certGen.addExtension(oid, ext.isCritical(), ext
.getValue().getOctets());
}
}
}
}
this.issuedCertificate = certGen.generate(caKeyPair.getPrivate());
}
你真的在证书上签了CA吗?我的猜测是否定的。另一个猜测是,您实际上需要使用CA签署证书才能获得“证书路径”。是的。我终于弄明白了真正的问题是什么。RootCA需要在信任商店中。谢谢你的回复。