Fwd: Chain of trust issue


raksha s


We were trying to create certificates with bouncy castle 1.21 and 1.55 versions, using CA created with bouncy castle 1.21.
The certificate created using bouncy castle 1.55 does not have CA information. The chain of trust is not there in the certificate.

We are using bouncycastle to generate certificate in x509 format and using the following openSSL commands to generate pkcs12 format:
openssl pkcs8 -inform DER -nocrypt -in server1.key -out serverKey.pem
openssl x509 -inform DER -in server1.crt -out serverCert.pem
openssl pkcs12 -export -inkey serverKey.pem -in serverCert.pem -name "serverCertificate" -chain -CAfile CACert.pem -out package.p12 -nodes -passout pass:abcd

Observed differences:
In the certificate (OldServerCertificate) generated with bouncycastle 1.21,

Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=server, OU=server, DC=personal, DC=net
Issuer: CN=CA, OU=ca, DC=personal, DC=net


In the certificate (NewServerCertificateOldCA) generated with bouncycastle 1.55,

Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server, OU=server, DC=personal, DC=net
Issuer: CN=CA, OU=ca, DC=personal, DC=net

How do we ensure the complete certificate chain length in 1.55 generated certificate?

PFA the CAcert.pem (using bouncycastle 1.21), OldServerCertificate (using bouncycastle 1.21), NewServerCertificateOldCA (using bouncycastle 1.55 and CA using CAcert.pem).



Regards,
Raksha S



Attachments: NewServerCertificateWithOldCA.txt (1K), CACert.pem (1K), OldServerCertificate.txt (2K)
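
A way to check each stage of the packaging steps in the post, as an added example that is not part of the original message: it builds a constructed throwaway CA and server certificate with openssl, verifies the server certificate against the CA, and counts the certificates stored in the PKCS#12 file with and without `-chain -CAfile`. The file names and password are borrowed from the post; the subjects, the temporary directory and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: uses a constructed throwaway CA and server certificate,
# not the poster's attachments. Password "abcd" mirrors the commands in the post.
set -eu

# Create a constructed CA and a server certificate signed by it in directory $1.
make_demo_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/DC=net/DC=personal/OU=ca/CN=CA" \
    -keyout "$d/ca.key" -out "$d/CACert.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/DC=net/DC=personal/OU=server/CN=server" \
    -keyout "$d/serverKey.pem" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -days 1 \
    -CA "$d/CACert.pem" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/serverCert.pem" 2>/dev/null
}

# Succeeds only if certificate $2 verifies against CA certificate $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Package key and certificate from directory $1 into PKCS#12 file $2;
# any further arguments (e.g. -chain -CAfile ...) are passed to openssl.
make_p12() {
  local d=$1 out=$2; shift 2
  openssl pkcs12 -export -inkey "$d/serverKey.pem" -in "$d/serverCert.pem" \
    -name serverCertificate -out "$out" -passout pass:abcd "$@"
}

# Print how many certificates the PKCS#12 file $1 carries.
p12_cert_count() {
  openssl pkcs12 -in "$1" -passin pass:abcd -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE' || true
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
chains_to_ca "$demo_dir/CACert.pem" "$demo_dir/serverCert.pem" \
  && echo "server certificate verifies against the CA"
make_p12 "$demo_dir" "$demo_dir/leaf-only.p12"
make_p12 "$demo_dir" "$demo_dir/package.p12" -chain -CAfile "$demo_dir/CACert.pem"
echo "without -chain: $(p12_cert_count "$demo_dir/leaf-only.p12") certificate(s)"
echo "with -chain:    $(p12_cert_count "$demo_dir/package.p12") certificate(s)"
```

Running `chains_to_ca` and `p12_cert_count` against the real CACert.pem, serverCert.pem and package.p12 shows whether the server certificate verifies against the CA and how many certificates the package carries.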