Is there any way to print the X509 certificate?

I have a web page where I show the details of the SSL certificate that is used with the server. I thought toString() might be fine, but it looks like this:

    [0] Version: 3
    SerialNumber: 117262955582477610212812061435665386300
    IssuerDN: CN=localhost
    Start Date: Wed Jun 13 15:15:05 EST 2012
    Final Date: Tue Jun 08 15:15:05 EST 2032
    SubjectDN: CN=localhost
    Public Key: DSA Public Key
        y: 6ef96c2ace616280c5453dda2[TRUNCATED BY ME]
    Signature Algorithm: SHA1withDSA
    Signature: 302c021450b1557d879a25ccf6b89e7ac6de8dc6
               0b13df7e0214559cdc810cdb1faa3a645da837cd
               5efdeb81d62e
    Extensions:
        critical(true) 2.5.29.17 value = DER Sequence
            Tagged [7] IMPLICIT
                DER Octet String[4]

The problem I am facing is an unclear view of the extensions. I would prefer to see "subjectAltNames" and a list of alternative names, for example, what I see in my web browser when I look at the certificate information.

Is there any way to do this? I have the whole BouncyCastle in my class path, so I was hoping I could find it there, but it seems I can't find it.

If the worst comes to the worst, I know that I can put in the time to assemble all the bits and pieces myself, but I do not know whether I would miss an extension that someone might expect to see there.

+6
source share
3 answers

Answering my own question with my solution.

Turns out this crappy toString() output only occurs when using Sun for the X509Certificate. When using BouncyCastle, it looks much better (or more detailed, at least).

It turned out that we did not initialize the BC provider before the page was displayed. Initialization was delayed until we wanted to use it to actually create the certificate, and now that this is done when the webapp starts up, toString() looks much better.

+1
source

Almost all bits and pieces should be accessible from the standard X509Certificate class:

You should be able to pretty easily format whatever you want, however you want. You can also access and iterate through the getIssuerAlternativeNames() collection.

PS:

Here's a great link about implementing the X509Certificate class:

And here is the link from someone using Bouncy Castle (the solution also includes the link above):

+1
source
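As an added example (not code from any of the posters above), here is one way to build a readable summary using only the standard java.security.cert getters mentioned in this answer. It names each subjectAltName entry by its RFC 5280 type and lists every extension OID, so an extension the code does not recognize is still shown. The class name CertSummary, the method describe and the small friendly-name table are illustrative assumptions; Map.of requires Java 9 or later.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;

public class CertSummary {  // hypothetical class name, for illustration only
    // GeneralName tag numbers (RFC 5280), as returned by getSubjectAlternativeNames()
    private static final String[] SAN_TYPES = { "otherName", "rfc822Name", "dNSName",
        "x400Address", "directoryName", "ediPartyName", "URI", "iPAddress", "registeredID" };
    // Friendly names for a few common extension OIDs; any other OID is still listed by number
    private static final Map<String, String> EXT_NAMES = Map.of(
        "2.5.29.14", "subjectKeyIdentifier", "2.5.29.15", "keyUsage",
        "2.5.29.17", "subjectAltName", "2.5.29.18", "issuerAltName",
        "2.5.29.19", "basicConstraints", "2.5.29.35", "authorityKeyIdentifier",
        "2.5.29.37", "extKeyUsage");

    public static String describe(X509Certificate cert) throws CertificateParsingException {
        StringBuilder sb = new StringBuilder();
        sb.append("Subject: ").append(cert.getSubjectX500Principal().getName()).append('\n');
        sb.append("Issuer: ").append(cert.getIssuerX500Principal().getName()).append('\n');
        sb.append("Serial: ").append(cert.getSerialNumber().toString(16)).append('\n');
        sb.append("Valid: ").append(cert.getNotBefore()).append(" to ")
          .append(cert.getNotAfter()).append('\n');
        sb.append("Signature algorithm: ").append(cert.getSigAlgName()).append('\n');
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when absent
        if (sans != null) {
            sb.append("subjectAltNames:\n");
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);   // 0..8, see SAN_TYPES
                Object value = san.get(1);         // String, or DER bytes for some types
                String text = value instanceof byte[] ? "<DER-encoded value>" : value.toString();
                sb.append("  ").append(SAN_TYPES[type]).append(": ").append(text).append('\n');
            }
        }
        appendExtensions(sb, "critical", cert.getCriticalExtensionOIDs());
        appendExtensions(sb, "non-critical", cert.getNonCriticalExtensionOIDs());
        return sb.toString();
    }

    private static void appendExtensions(StringBuilder sb, String label, Set<String> oids) {
        if (oids == null) return; // the certificate carries no extensions
        for (String oid : new TreeSet<>(oids))
            sb.append("Extension (").append(label).append("): ")
              .append(EXT_NAMES.getOrDefault(oid, "unrecognized")).append(" [").append(oid).append("]\n");
    }

    public static void main(String[] args) throws Exception { // args[0]: PEM or DER certificate file
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            System.out.print(describe((X509Certificate) cf.generateCertificate(in)));
        }
    }
}
```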

Try the PEMReader API from BC Provider

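    // PEMReader is org.bouncycastle.openssl.PEMReader; data holds the PEM text
    byte[] content = data.getBytes();
    // create new buffered reader
    BufferedReader br = new BufferedReader(
            new InputStreamReader(new ByteArrayInputStream(content)));
    PEMReader pemReader = new PEMReader(br, null);
    Object obj = pemReader.readObject();

After printing obj, it will give you the toString format.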

0
source

Source: https://habr.com/ru/post/917932/

