Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java X509扩展

3 月 Questions & Answers

如何使用bouncycastle API在java中为x509证书设置扩展

我设法做到了这样的“基本约束”:

...
X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
...
boolean crit;
boolean isCa;
gen.addExtension(X509Extensions.BasicConstraints, crit, new BasicConstraints(isCa));

但是,我不知道如何对IssueralAlternativeNameKeyUsage执行相同的操作


共 (1) 个答案

  1. # 1 楼答案

    试试这个

     KeyUsage usage = new KeyUsage(KeyUsage.keyCertSign
        | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
        | KeyUsage.dataEncipherment | KeyUsage.cRLSign);
 gen.addExtension(Extension.keyUsage, false, usage);


 GeneralNames issuerAltName = new GeneralNames(new GeneralName(new X509Name("CN=somedomain.tld")));
    gen.addExtension(X509Extensions.IssuerAlternativeName, false, issuerAltName);