We need 2 things: 1. Ability to generate a v3 cert, bouncy castle does support this. Right now I tell people to use openssl. 2. Support for subject key identifier code follows 3. Ideally all v3 attributes would be supported | public static byte[] getSubjectKeyIdentifier(X509Certificate cert) | { | // Maybee we should make one ourselves if it isn't there? | byte[] encoded = cert.getExtensionValue("2.5.29.14"); | if (encoded == null) | return null; | | // We need to skip 4 bytes [(OCTET STRING) (LENGTH)[(OCTET STRING) (LENGTH) (Actual data)]] | int trunc = encoded.length - 4; | | byte[] identifier = new byte[trunc]; | System.arraycopy(encoded, 4, identifier, 0, trunc); | | return identifier; | } | Let me know how you would like this represented as JIRA issues. -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980129#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...