
[iaik-jce] How to create certificates for IE 4.0x (and NN in future:))



Hello iaik-jce! 

  Sorry for the long message, but I just don't know where to ask anymore!
  Can anybody help me with creating certificates for IE 4.x?
I generate a certificate request (PKCS#10) in MSIE 4.x and am trying to
create a certificate. I spent nearly a week on my research and it seems that
I found nothing. :(
  So, this is how I create the CA certificate:

            Name subject = new Name(); // filling in the Name is skipped
            Vector extensions = new Vector(); // collects the V3 extensions for the certificate
            // BasicConstraints
            BasicConstraints basicConstraints = new BasicConstraints(true);
            basicConstraints.setCritical(true);
            extensions.addElement(basicConstraints);
            // KeyUsage, all that I can imagine!
            KeyUsage keyUsage = new KeyUsage( KeyUsage.digitalSignature |KeyUsage.nonRepudiation|
                     KeyUsage.keyEncipherment|KeyUsage.dataEncipherment|
                     KeyUsage.keyCertSign |KeyUsage.cRLSign);
            keyUsage.setCritical(true);
            extensions.addElement(keyUsage);

            NetscapeCertType netscapeCertType = new NetscapeCertType();
            netscapeCertType.setCertType(NetscapeCertType.OBJECT_SIGNING_CA |
                     NetscapeCertType.S_MIME_CA | NetscapeCertType.SSL_CA );
            netscapeCertType.setCritical(true);
            extensions.addElement(netscapeCertType);

            V3Extension[] e = new V3Extension[extensions.size()];
            extensions.copyInto(e);

            X509Certificate caRSA = createCertificate(subject, ca_rsa.getPublic(), subject,
                ca_rsa.getPrivate(), AlgorithmID.md5WithRSAEncryption,
                "caCert.der", 1, e);

            X509Certificate chain[] = new X509Certificate[1];
            chain[0] = caRSA;
            addToKeyStore(ca_rsa, chain, CA_RSA);

  Next, how I create the client certificate:

            X509Certificate[] chain = new X509Certificate[2];
            X509Certificate caRSA  = new X509Certificate(new FileInputStream("caCert.der"));
            CertificateRequest req = new CertificateRequest(new ASN1InputStream(new FileInputStream(fname)));

            Vector extensions = new Vector();
            BasicConstraints basicConstraints = new BasicConstraints(false);
            extensions.addElement(basicConstraints);
            
            KeyUsage keyUsage = new KeyUsage( KeyUsage.digitalSignature |KeyUsage.nonRepudiation|
                     KeyUsage.keyEncipherment|KeyUsage.dataEncipherment);
            extensions.addElement(keyUsage);
            
            NetscapeCertType netscapeCertType = new NetscapeCertType();
            netscapeCertType.setCertType(NetscapeCertType.SSL_CLIENT |NetscapeCertType.S_MIME );
            extensions.addElement(netscapeCertType);
            V3Extension[] e = new V3Extension[extensions.size()];
            extensions.copyInto(e);
            
            Name issuer = (Name)caRSA.getSubjectDN();
            Name subject = req.getSubject();

            chain[0] = createCertificate(subject, req.getPublicKey(),
                     issuer, ca_rsa.getPrivate(), AlgorithmID.md5WithRSAEncryption,
                     null, 2, e);
            chain[1] = caRSA;

            PKCS7CertList chn = new PKCS7CertList();
            chn.setCertificateList(chain);
            chn.writeTo(new FileOutputStream("clCert.p7c"));

  Well, when I install this certificate list into IE 4.x (I convert
it into Base64 and use the MS Enroll ActiveX) there are no errors!!! It seems
like everything works fine. But if I look into the personal certificates in this IE
(View/Internet Options/Content/Personal) then I see NO certificate :(((
  On the other hand, I can import a PKCS#12 into IE 4.x (I do this
successfully). In this case I have the private key on my side, but
this is inadmissible.

  Can anybody help! Please!
  Thanks in advance!

With the best wishes,               mailto:runtime@rb.dp.ua
            Alexandr.
---------------------
JS Bank "Radabank", Ukraine,
Chief of Development Dept.
+380-562-387832

