posted 16 years ago
Unfortunately, some applications produce certificates that contain negative serial numbers. Is this a bug? I think so. Your certificate is an example of this. The value returned by Java is correct, it is just not what you expect. Basically, you certificate would have been positive if only it had a leading zero byte (google on DER encoding for integer). However, the situation is easily corrected by extracting the raw bytes from your negative BigInteger and creating a new positive BigInteger as in the following example: