Building a Certificate Authority architecture

I am trying to build a network involving multiple clients and a single server, both written in Java. I am trying to find a way to automatically generate a CSR on the client side th开发者_Python百科at can be sent to the server for a signed certificate. I have been able to generate a public/private keypair in Java but cannot figure out how to generate a CSR. Maybe I am looking at doing this the wrong way! Please help!

Take a look at the end of this article. It explains how to use the BouncyCastle libraries to generate both a certificate and a PKCS#10 CSR. This should be all you need to get this working.

http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation

You might want take a look at the Bouncy Castle Crypto APIs to help you generate a CSR. They have documentation on how to go about it. Here's an example that requires Bouncy Castle. I came across KeyUtils.java that has a writeCertReq() method, however it depends on some internal sun.security imports instead (so it'll be limited to the Oracle/Sun JVM). I'm actually not aware of a way to do it with the standard JCE.