CSR with special requirements generated by Java

  • Posted:
  • Proposals: 2
  • Remote
  • #1993754
  • Expired
Niraj K.Mangal G. have already sent a proposal.
  • 6


Experience Level: Intermediate
Estimated Job duration: 1 day or less
We need a Certificate Signing Request produced based on the requirements below. This is part of the project we are currently doing. Our developer has tried every variant he could find to generate these CSRs using OpenSSL, but has finally been advised by the experts at the Trusted Services Provider for the project that one of the requirements is sufficiently unusual that OpenSSL does not support it at all and that it could be done with 20 lines of Java (a coding language we don’t have any in-house use for currently).

Here’s a summary of the requirements for generating Organisation Certificate Signing Requests:
The CSR has to use a key based on an elliptic curve (specifically Prime256r1 (256 bit)). I have generated a version of this key and it’s attached.

In the CSR itself:

“Subject” must contain the following:

Common Name (id-at-commonName) = “Insert Company Name”
Organisational Unit (id-at-organizationalUnitName) = “02”
Subject Unique Identifier (id-at-uniqueIdentifier) = “70-B3-D5-1F-30-0A-00-00” – this must be encoded as a bit string (this is where OpenSSL falls down)

Subject Public Key Information:

Public Key Algorithm = id-ecPublicKey
Prime256r1 (256 bit) = Public Key Value

Key Usage:

Criticality = “True”
Key Usage = “digitalSignature”

Signature Algorithm = ecdsa-with-SHA256

The documentation says that the CSRs will be accepted in PKCS#10 format Base64 encoded. The standard format will be ASN1.DER, including either style of PEM header or no header, and the Base64 encoded text can be all on one line or with breaks at 64 or 76 characters.

New Proposal

Create an account now and send a proposal now to get this job.

Sign up

Clarification Board Ask a Question

    There are no clarification messages.