I need to get the serial number of an X.509 certificate. The result of "certificate.getSerialNumber()" is different from what I expected. As far as I can see from the X.509 certificate specification, the file should have the following format:
    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

    TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version shall be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version shall be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version shall be v3
        }
But at the beginning of the file I could not find the value returned by the certificate.getSerialNumber() method.
And a related question: when I try to display the serial number using openssl, it takes the correct value from the file, but adds "3" after each number.
So my question is: how can I get the stored serial value? And where can I read about why and how openssl and Java change this data?
OpenSSL
Run with:
openssl x509 -serial -noout -inform DER -in mycert.cer
Result:
serial=3030303031303030303030313030373439323639
Java
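The code:

    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.math.BigInteger;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    // Parse the DER file through the BouncyCastle provider
    InputStream in = new FileInputStream("mycert.cer");
    BouncyCastleProvider provider = new BouncyCastleProvider();
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", provider);
    X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(in);
    // BigInteger prints in decimal by default
    BigInteger serialNum = certificate.getSerialNumber();
    System.out.println(serialNum);

Output: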
275106190557734483187066766755592068430195471929
FILE
And looking at the file, I see:
0...0..r.......000010000001007492690 . *.H.. ..
which seems to be the serial provided by openssl, but openssl mixes it with "3" (after each number).
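
The three values above can be compared by reading the serialNumber INTEGER straight out of the DER and rendering its content octets as hex (what `openssl x509 -serial` prints), as a decimal integer (what `BigInteger` prints) and as ASCII text (what a text viewer shows). This is an added example, not part of the original post; the input is a constructed DER fragment holding only a version field and the serial quoted in the question, and `read_tlv`, `serial_content` and `views` are names chosen here.

```python
# Added example: pull TBSCertificate.serialNumber out of DER, show it three ways.

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: one length byte
        length = first
    else:                                 # long form: low 7 bits = byte count
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def serial_content(der):
    """Raw content octets of the serialNumber INTEGER."""
    tag, start, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE
    tag2, start, _ = read_tlv(der, start) # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    tag, s, e = read_tlv(der, start)      # version [0] EXPLICIT, if present
    if tag == 0xA0:
        tag, s, e = read_tlv(der, e)      # serialNumber follows the version
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return der[s:e]

def views(content):
    """The same octets as openssl, Java and a text viewer render them."""
    digits = all(0x30 <= b <= 0x39 for b in content)
    return {
        "openssl_hex": content.hex().upper(),
        # DER INTEGER is big-endian two's complement, like BigInteger(byte[])
        "java_decimal": str(int.from_bytes(content, "big", signed=True)),
        "ascii": content.decode("ascii") if digits else None,
    }

# Constructed sample: version [0] + the serial from the question, nothing else.
SERIAL = bytes.fromhex("3030303031303030303030313030373439323639")
TBS_BODY = bytes.fromhex("A003020102") + bytes([0x02, len(SERIAL)]) + SERIAL
TBS = bytes([0x30, len(TBS_BODY)]) + TBS_BODY
SAMPLE = bytes([0x30, len(TBS)]) + TBS

if __name__ == "__main__":
    for name, value in views(serial_content(SAMPLE)).items():
        print(f"{name}: {value}")
```

Each byte 0x30 to 0x39 is the ASCII code of a digit 0 to 9, so a serial stored as ASCII digits shows a hex "3" in front of every digit.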