How must I format IP Address for SubjectAlternativ

2019-07-15 05:43发布

I use BouncyCastle to generate certificats. Now I want to add some SubjectAlternativeName, just like:

...
ArrayList namesList = new ArrayList();
namesList.add(new GeneralName(GeneralName.dNSName, "*.test"));
namesList.add(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
namesList.add(new GeneralName(GeneralName.rfc822Name, "zoltar@spkac.spectra.org"));
GeneralNames subjectAltNames = new GeneralNames(new DERSequence((GeneralName[])namesList.toArray(new GeneralName [] {})));
new_cert.addExtension(X509Extensions.SubjectAlternativeName, false, subjectAltNames);
...

Program executes without exception, but then I cannot see "IP Address". With openssl I see:

...
DNS:*.test, IP Address:<invalid>, email:zoltar@spkac.spectra.org
...

What is the correct form of IP address in call of GeneralName(GeneralName.iPAddress, ...))?

标签： java security x509certificate bouncycastle x509

1条回答

地球回转人心会变

2楼-- · 2019-07-15 06:09

I think it was problem with very old BouncyCastle library. Application used version 1.39 from year 2008. So I upgraded BC to version 1.56 (December 2016) and rewrote application because BC changed some API. Now I see:

DNS:*.test, IP Address:127.0.0.1, email:zoltar@spkac.spectra.org

0人赞添加讨论(0) 举报

How must I format IP Address for SubjectAlternativ

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间