Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

serial number form x509 certificate

 
srini Raman
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I use Certificate factory and X509Certificate classes to parse a certificate and get the the serial number. The BigInteger for a certificate with serial number shows an incorrect value. The certificate display the serial number as FDB1 DDE5 EF8F 56A5 11D3 5698 42E6 7FE0 . While the serial number obtained from java method is -3064146813482257434743394187012046880 (in decimal) which is incorrect. Is it performing any complement kind of stuff?? How can I get the correct value?
Thanks,
Srini
 
greg stark
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunately, some applications produce certificates that contain negative serial numbers. Is this a bug? I think so. Your certificate is an example of this. The value returned by Java is correct, it is just not what you expect. Basically, you certificate would have been positive if only it had a leading zero byte (google on DER encoding for integer). However, the situation is easily corrected by extracting the raw bytes from your negative BigInteger and creating a new positive BigInteger as in the following example:
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic