000025038 - Cert-J: Requesting certificate with subjectAltName extension via CMP

Document created by RSA Customer Support Employee on Jun 15, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025038
Applies To: Cert-J, Certificate Management Protocol (CMP)
Issue: Cert-J: Requesting certificate with subjectAltName extension via CMP
Resolution

The following code adds the subjectAltName extension (with an e-mail address value in this example) to a CMP request. It can be added to the Cert-J CMPRequest.java sample.

    CertTemplate template = new CertTemplate();

    X509V3Extensions extensions = new X509V3Extensions(X509V3Extensions.X509_EXT_TYPE_CERT);

    /* 1. Create the GeneralName
     *
     * GeneralName ::= CHOICE {
     *      otherName                       [0]     AnotherName,
     *      rfc822Name                      [1]     IA5String,
     *      dNSName                         [2]     IA5String,
     *      x400Address                     [3]     ORAddress,
     *      directoryName                   [4]     Name,
     *      ediPartyName                    [5]     EDIPartyName,
     *      uniformResourceIdentifier       [6]     IA5String,
     *      iPAddress                       [7]     OCTET STRING,
     *      registeredID                    [8]     OBJECT IDENTIFIER }
     */
    GeneralName generalName = new GeneralName();
    String rfc822Name = "example@example.com";
    generalName.setGeneralName(rfc822Name, GeneralName.RFC822_NAME_TYPE);

    /* 2. Create
     *
     * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
     */
    GeneralNames generalNames = new GeneralNames();
    generalNames.addGeneralName(generalName);

    /* 3. Create
     *
     * SubjectAltName ::= GeneralNames
     *
     * and add to Extensions
     *
     * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
     *
     * Extension  ::=  SEQUENCE  {
     *      extnID      OBJECT IDENTIFIER,
     *      critical    BOOLEAN DEFAULT FALSE,
     *      extnValue   OCTET STRING  }
     */
    boolean criticality = false;
    SubjectAltName subjectAltNameExtension = new SubjectAltName(generalNames, criticality);
    extensions.addV3Extension((X509V3Extension)subjectAltNameExtension);
    template.setExtensions(extensions);


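    // Write the DER encoding to a file to check it (requires java.io.FileOutputStream).
    // certreq is not defined in this snippet; it is assumed to be the request
    // object from the CMPRequest.java sample that carries the template.
    byte[] encoding = new byte[certreq.getDERLen(0)];
    certreq.getDEREncoding(encoding, 0, 0);
    FileOutputStream tempOut = new FileOutputStream("tempOut");
    tempOut.write(encoding);
    tempOut.close();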
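
To check the file written above, the following added example (not part of the original article and not Cert-J code) walks DER bytes and reports each subjectAltName extension with its criticality and GeneralName entries. It uses only the Python standard library; `SAMPLE` is a constructed CertRequest-shaped encoding, and it assumes `tempOut` holds plain DER with the extension nested inside constructed values.

```python
# Added example (not from the article): find subjectAltName in DER bytes.
SAN_OID = bytes.fromhex("551d11")  # 2.5.29.17 id-ce-subjectAltName, content octets
GN_TYPES = ["otherName", "rfc822Name", "dNSName", "x400Address", "directoryName",
            "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated TLV or unsupported high-tag-number form")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def find_san(der):
    """Return [(critical, [(name_type, value_bytes), ...])] for each SAN found."""
    found = []
    for tag, val in children(der):
        if not tag & 0x20:  # primitive: nothing nested to walk
            continue
        kids = children(val)
        if (tag == 0x30 and len(kids) >= 2 and kids[0] == (0x06, SAN_OID)
                and kids[-1][0] == 0x04):
            critical = kids[1] == (0x01, b"\xff")  # absent BOOLEAN means FALSE
            names = children(children(kids[-1][1])[0][1])  # OCTET STRING > SEQUENCE
            found.append((critical, [(GN_TYPES[t & 0x1F] if t & 0x1F < 9 else "unknown", v)
                                     for t, v in names]))
        else:
            found.extend(find_san(val))
    return found

def tlv(tag, value):
    """Encode one TLV (short-form length only) for the constructed sample below."""
    return bytes([tag, len(value)]) + value

# Constructed sample: CertRequest { certReqId 0, CertTemplate { extensions [9] } }
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, tlv(0xA9, tlv(0x30,
    tlv(0x06, SAN_OID) + tlv(0x04, tlv(0x30, tlv(0x81, b"example@example.com")))))))
```

To inspect the real output, pass the file contents instead of the sample: `find_san(open("tempOut", "rb").read())`.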

Legacy Article ID: a33649
