Java: How to add a Subject Alternative Name with a hostname and IP address to a certificate


I am generating a certificate and a private key, but I also need subjectAlternative in my certificate.

    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", bcProvider);
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    //setting serialNumber as currentTimeStamp
    BigInteger certSerialNumber = BigInteger.valueOf(System.currentTimeMillis());
    X500Name x500Name = new X500Name("CN=" + "test");
    X500Name subject = new X500Name("O=" + "test");
    String signatureAlgorithm = "SHA1withRSA";
    Instant startDate = Instant.now();
    Instant endDate = startDate.plus(1 * 365, ChronoUnit.DAYS);
    ContentSigner contentSigner = new JcaContentSignerBuilder(signatureAlgorithm)
            .build(keyPair.getPrivate());
    X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            x500Name, certSerialNumber, Date.from(startDate), Date.from(endDate), subject,
            keyPair.getPublic()).addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    Certificate certificate = new JcaX509CertificateConverter().setProvider(bcProvider)
            .getCertificate(certBuilder.build(contentSigner));

I have searched a lot, but I could not find a way to add the hostname and IP address.

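(1) google stackoverflow.com x509v3certificatebuilder subjectalternativename second hit ->. (The first hit is a silly hack that uses SAN to smuggle in something else.) (2) You are signing this certificate with its own key pair but making the issuer name different from the subject name; that will cause some validators (such as OpenSSL) to fail to validate this certificate.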
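
One way to add the extension with Bouncy Castle, as an added example that is not part of the original post: a `GeneralNames` value holding a `dNSName` and an `iPAddress` entry is attached as `Extension.subjectAlternativeName`, and the result is read back through the JCA API. Assumptions: the class name `SanCertExample`, the hostname `test.example.internal` and the address `192.0.2.10` are constructed for illustration; issuer and subject use the same name so the self-signed certificate validates, and `SHA256withRSA` is this example's choice of signature algorithm.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SanCertExample { // hypothetical class name
    public static void main(String[] args) throws Exception {
        BouncyCastleProvider bcProvider = new BouncyCastleProvider();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", bcProvider);
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();

        // Self-signed: issuer and subject are the same name (assumption of this example).
        X500Name name = new X500Name("CN=test");
        Instant start = Instant.now();
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(System.currentTimeMillis()),
                Date.from(start), Date.from(start.plus(365, ChronoUnit.DAYS)),
                name, keyPair.getPublic());
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));

        // SAN entries: dNSName (type 2) for the hostname, iPAddress (type 7) for the address.
        GeneralNames san = new GeneralNames(new GeneralName[] {
                new GeneralName(GeneralName.dNSName, "test.example.internal"), // constructed value
                new GeneralName(GeneralName.iPAddress, "192.0.2.10")           // constructed value
        });
        builder.addExtension(Extension.subjectAlternativeName, false, san);

        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider(bcProvider).build(keyPair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().setProvider(bcProvider)
                .getCertificate(builder.build(signer));

        cert.verify(keyPair.getPublic()); // throws if the self-signature does not check out
        for (List<?> entry : cert.getSubjectAlternativeNames()) {
            System.out.println(entry.get(0) + " -> " + entry.get(1)); // type tag, then value
        }
    }
}
```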