6

I have an X509Certificate and I write/print it to a file as follows. (I'm not writing encoded bytes, because I want to read the content of the certificate.)

    X509Certificate cer = generateCertificate(); // cer is DER encoded
    writeToFile( cer.toString() ); // cer.toString() converts DER to UTF/ASCII???

Later I want to read this file (above) as String and create a new X509Certificate.

    String cerStr = readCerFromFile(); // Read what is written above. In ASCII/ UTF format
    ByteArrayInputStream bais = null;
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        bais = new ByteArrayInputStream(cerStr.getBytes());
        return (X509Certificate) cf.generateCertificate(bais);
    } ...

This throws the following exception.

    java.security.cert.CertificateParsingException: Invalid DER-encoded certificate data

And it is obvious that I'm not converting cerStr to DER format (and I don't know whether it is possible to convert into DER). Can anyone please explain how I can create an X509Certificate from a String which is not encoded?

Thanks in advance!

Fahim

4 Answers

4

The short answer: you cannot. DER encodes too many details that cannot be easily converted to and back from a String. You are better off simply saving the DER encoded certificate using cer.getEncoded() as GregS has explained in the comments.

If you want to see the contents of the certificate, simply save it with a file extension that your operating system recognizes and double click it. If you want to have a command line method of printing the plain text information, use e.g. openssl:

    openssl x509 -text -noout -inform DER -in mycertificate.crt

Which is standard included or optional in many Unix flavours (Linux, Apple) and can be run on Windows as well.

erickson
Maarten Bodewes
  • You could also create a CLI application within Java of course. Just reading in the cert/decoding it using X509 certificate factory and printing out the cert would be about 10 minutes of work, but then you need to handle installation, shell script creation etc. – Maarten Bodewes Jul 15 '12 at 22:53
  • Java keytool might be used as well, it's only available in the SDK though, not the runtime. – Maarten Bodewes Jul 15 '12 at 22:54
  • Thanks to @erickson for spell checking this answer, I must have been sleepy. – Maarten Bodewes Aug 02 '12 at 22:22
1

When you take the certificate as raw data with cert.getEncoded() (in .Net it is cert.RawData), it is encoded in DER format. Informally speaking, it is just a special binary representation of the certificate.

But there exists a good string representation of a certificate. You can convert the raw DER representation of the certificate to a Base64 formatted string. I don't know Java, so in .Net it will look like this: Convert.ToBase64String(cert.RawData).

You can save the certificate in both formats to a file with a .cer or .crt extension and open it using the standard OS certificate viewer.

Sergio Rykov
0

A poor man's answer (I would very much a lower level)

    // create the pfx byte stream...
    byte[] selfSigned = CertificateCreator.CreateSelfSignCertificatePfx(distinguishedName, new DateTime(2013, 4, 1), new DateTime(2013, 12, 31), insecurePassword);

    // create a certificate instance
    X509Certificate2 cert = new X509Certificate2(selfSigned, insecurePassword);

    // export as .cer [DER]
    selfSigned = cert.Export(X509ContentType.Cert);

    // write to file..
    System.IO.File.WriteAllBytes(certificateFilename + ".cer", selfSigned);

David V. Corbin
0

In Java you can do

    String sCert = javax.xml.bind.DatatypeConverter.printBase64Binary(certificate.getEncoded()); 

In .Net

    Convert.ToBase64String(Certificate.RawData);

Taran
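
The round trip the answers above describe, as an added example that is not code from the question or from any answer: `toString()` output is rejected by the certificate factory, while Base64 of `getEncoded()` wrapped in PEM markers is a plain-text form that parses back to an equal certificate. The class and method names are hypothetical, and the sample certificate is simply the first entry of the JDK's default trust store so the program needs no input file.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CertStringRoundTrip {
    // Assumption: any certificate will do, so borrow one from the JDK's default trust store.
    static X509Certificate sampleCertificate() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store (cacerts)
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager && ((X509TrustManager) tm).getAcceptedIssuers().length > 0) {
                return ((X509TrustManager) tm).getAcceptedIssuers()[0];
            }
        }
        throw new IllegalStateException("default trust store is empty");
    }

    // DER bytes -> PEM text: Base64 in 64-character lines between the usual markers.
    static String toPem(X509Certificate cert) throws CertificateException {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN CERTIFICATE-----\n"
                + enc.encodeToString(cert.getEncoded())
                + "\n-----END CERTIFICATE-----\n";
    }

    // The X.509 CertificateFactory accepts raw DER or PEM text, not toString() output.
    static X509Certificate fromString(String text) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        byte[] bytes = text.getBytes(StandardCharsets.US_ASCII);
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(bytes));
    }

    public static void main(String[] args) throws Exception {
        X509Certificate original = sampleCertificate();
        try {
            fromString(original.toString()); // the approach from the question
        } catch (CertificateException e) {
            System.out.println("toString() output rejected: " + e.getMessage());
        }
        X509Certificate restored = fromString(toPem(original));
        System.out.println("PEM round trip equal: " + restored.equals(original));
    }
}
```

The PEM string can be written to a text file as-is, and `openssl x509 -text -noout -in file.pem` prints the readable view without `-inform DER`.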