We are moving from OpenSSL to Java to handle CSRs for our CA. Our devices 
require a custom 'description' field as part of the Subject sequence.

(Related link)
https://linux.die.net/man/3/x509_name_get_text_by_nid

The following command line fails (we are using an HSM but that's not relevant to 
the question):

java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main
     -certreq -alias myalias
     -file c:\mycerts\certs\cert23may.csr.pem -keypass 000000
     -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,description=1495543419"
     -keystore c:\mycerts\private\may18_2017.ncsw -sigalg SHA256withECDSA
     -storepass 000000 -storetype nCipher.sworld
          
keytool error: java.io.IOException: Invalid keyword "DESCRIPTION"


Similar OpenSSL command:

openssl req -config openssl_cp2.cnf -new -days 9100
     -key /mycerts/private/private.key.pem -out /certs/csr/my.csr.pem
     -subj "/C=US/ST=CA/L=Cupertino/O=Apple\ Computer/OU=MyUnit/CN=MyServer/description=1495543419"
     -verify

I've dug around and have not found a way to get Java keytool to take the custom 
description=xxxx field.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
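
Added example, not part of the original post and not code from keytool or the poster's CA: the JDK's public javax.security.auth.x500.X500Principal API can be told about an extra attribute keyword through a keyword map, so a subject containing description (X.520 attribute type OID 2.5.4.13) parses where the plain string form is rejected. The class name DescriptionSubject and the sample DN (modelled on the one in the post) are assumptions made for the illustration.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class DescriptionSubject {
    // X.520 "description" attribute type.
    static final String DESCRIPTION_OID = "2.5.4.13";

    // Parse a DN, teaching the parser the extra keyword.
    // Keys in the keyword map must be upper-case or they are ignored.
    static X500Principal parse(String dn) {
        Map<String, String> keywords =
                Collections.singletonMap("DESCRIPTION", DESCRIPTION_OID);
        return new X500Principal(dn, keywords);
    }

    public static void main(String[] args) {
        // Constructed sample subject, modelled on the DN in the post.
        String dn = "C=US,ST=CA,L=Cupertino,O=Apple Computer,"
                + "OU=MyUnit,CN=MyServer,description=1495543419";

        // Without the keyword map the unknown keyword is a parse error.
        try {
            new X500Principal(dn);
            System.out.println("parsed without keyword map");
        } catch (IllegalArgumentException e) {
            System.out.println("plain parse rejected: " + e.getMessage());
        }

        // With the map, the keyword resolves to OID 2.5.4.13.
        X500Principal subject = parse(dn);

        // The dotted-decimal OID spelling names the same attribute type
        // and needs no keyword map at all.
        X500Principal viaOid = new X500Principal(
                dn.replace("description=", DESCRIPTION_OID + "="));
        System.out.println("equal to OID form: " + subject.equals(viaOid));

        // Render the name with the OID mapped back to a readable keyword.
        System.out.println(subject.getName(X500Principal.RFC2253,
                Collections.singletonMap(DESCRIPTION_OID, "description")));

        // DER-encoded Name, the form a CSR carries as its subject.
        System.out.println("DER length: " + subject.getEncoded().length);
    }
}
```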
