网上查到的很麻烦
pom依赖
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
<!-- bcpkix supplies the PKCS#10, ContentSigner and PEM writer classes used by the snippets on this page. -->
<!-- NOTE(review): 1.64 is an old release and the *-jdk15on artifacts are no longer updated; -->
<!-- current Bouncy Castle releases are published as *-jdk18on. Pin a maintained version in real projects. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.64</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcmail-jdk15on -->
<!-- NOTE(review): none of the classes used by the snippets on this page appear to come from bcmail; -->
<!-- confirm it is needed before keeping it, since every extra crypto dependency widens the patch surface. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcmail-jdk15on</artifactId>
<version>1.64</version>
</dependency>
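// Create the key pair generator (RSA variant).
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
// Set the modulus size explicitly: the provider default depends on the JDK
// version and has been as low as 1024 bits for RSA on older runtimes.
gen.initialize(3072);
// The signature algorithm must match the key type: RSA key -> SHA256withRSA.
// privateKey is the private half of the pair produced by gen.generateKeyPair().
ContentSigner signGen = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);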
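// Create the key pair generator (EC variant).
KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
// Name the curve explicitly instead of relying on the provider default,
// which differs between JDK versions. P-256 pairs naturally with SHA-256.
gen.initialize(new java.security.spec.ECGenParameterSpec("secp256r1"));
// The signature algorithm must match the key type: EC key -> SHA256withECDSA.
// privateKey is the private half of the pair produced by gen.generateKeyPair().
ContentSigner signGen = new JcaContentSignerBuilder("SHA256withECDSA").build(privateKey);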
ECC生成CA证书
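// Generate the EC key pair. The curve is named explicitly so the key strength
// does not depend on the provider default of whichever JDK runs this code.
KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
gen.initialize(new java.security.spec.ECGenParameterSpec("secp256r1"));
KeyPair pair = gen.generateKeyPair();
PrivateKey privateKey = pair.getPrivate();
PublicKey publicKey = pair.getPublic();
// NOTE: privateKey only lives in memory here. A certificate issued for this
// request is unusable without it, so real code must store the key in a
// protected keystore (never next to the request in plain text).

/**
 * Build a PKCS#10 certification request (CSR).
 * What is written below is a signing request, not a certificate: a CA still
 * has to issue the certificate from it. No basicConstraints extension is
 * requested, so whether the result is a CA certificate is the issuer's decision.
 */
// Subject distinguished name carried by the request.
X500Principal subject = new X500Principal("C=CName, ST=bc, L=bc, O=bc, OU=OUName, CN=CNName, EMAILADDRESS=bc@bochtec.com");
// The request is self-signed with the private key (proof of possession);
// the signature algorithm has to match the EC key type.
ContentSigner signGen = new JcaContentSignerBuilder("SHA256withECDSA").build(privateKey);
PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
// Add the subjectAlternativeName extension request.
// Each entry must use the GeneralName type that matches its value: an IP
// address goes in iPAddress and a mailbox in rfc822Name, with the bare value
// only. Prefixed strings such as "ip=..." under rfc822Name are not valid SANs.
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
GeneralNames generalNames = new GeneralNames(new GeneralName[]{
        new GeneralName(GeneralName.iPAddress, "6.6.6.6"),
        new GeneralName(GeneralName.rfc822Name, "666@gmail.com")});
extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, generalNames);
builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
// Sign and assemble the CSR.
PKCS10CertificationRequest csr = builder.build(signGen);
// The file holds a PEM-encoded CSR; ".csr" would be the conventional extension.
File file = new File("F:\\jiang-ca.cer");
// try-with-resources closes the writers (and the file handle) even when
// writeObject throws. PEM is plain ASCII, so the charset is fixed rather than
// left to the platform default.
try (FileOutputStream outputStream = new FileOutputStream(file);
     OutputStreamWriter output = new OutputStreamWriter(outputStream, java.nio.charset.StandardCharsets.US_ASCII);
     JcaPEMWriter pem = new JcaPEMWriter(output)) {
    pem.writeObject(csr);
}
// Printed only after the file has been flushed and closed.
System.err.println("=============CA证书生成==============");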
RSA生成CA证书
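// Generate the RSA key pair. This section is the RSA variant, so the
// generator and the signer below both use RSA (the original listing was a
// copy of the EC code). The modulus size is set explicitly because the
// provider default depends on the JDK version and has been as low as
// 1024 bits on older runtimes.
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(3072);
KeyPair pair = gen.generateKeyPair();
PrivateKey privateKey = pair.getPrivate();
PublicKey publicKey = pair.getPublic();
// NOTE: privateKey only lives in memory here. A certificate issued for this
// request is unusable without it, so real code must store the key in a
// protected keystore (never next to the request in plain text).

/**
 * Build a PKCS#10 certification request (CSR).
 * What is written below is a signing request, not a certificate: a CA still
 * has to issue the certificate from it. No basicConstraints extension is
 * requested, so whether the result is a CA certificate is the issuer's decision.
 */
// Subject distinguished name carried by the request.
X500Principal subject = new X500Principal("C=CName, ST=bc, L=bc, O=bc, OU=OUName, CN=CNName, EMAILADDRESS=bc@bochtec.com");
// The request is self-signed with the private key (proof of possession);
// the signature algorithm has to match the RSA key type.
ContentSigner signGen = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);
PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
// Add the subjectAlternativeName extension request.
// Each entry must use the GeneralName type that matches its value: an IP
// address goes in iPAddress and a mailbox in rfc822Name, with the bare value
// only. Prefixed strings such as "ip=..." under rfc822Name are not valid SANs.
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
GeneralNames generalNames = new GeneralNames(new GeneralName[]{
        new GeneralName(GeneralName.iPAddress, "6.6.6.6"),
        new GeneralName(GeneralName.rfc822Name, "666@gmail.com")});
extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, generalNames);
builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
// Sign and assemble the CSR.
PKCS10CertificationRequest csr = builder.build(signGen);
// The file holds a PEM-encoded CSR; ".csr" would be the conventional extension.
File file = new File("F:\\jiang-ca.cer");
// try-with-resources closes the writers (and the file handle) even when
// writeObject throws. PEM is plain ASCII, so the charset is fixed rather than
// left to the platform default.
try (FileOutputStream outputStream = new FileOutputStream(file);
     OutputStreamWriter output = new OutputStreamWriter(outputStream, java.nio.charset.StandardCharsets.US_ASCII);
     JcaPEMWriter pem = new JcaPEMWriter(output)) {
    pem.writeObject(csr);
}
// Printed only after the file has been flushed and closed.
System.err.println("=============CA证书生成==============");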