"scott.stark(a)jboss.org" wrote : "jason.greene(a)jboss.com" wrote : | | 1. Ability to generate a v3 cert, bouncy castle does support this. Right now I tell people to use openssl. | | | We should just look at whether bouncy castle/ejbca can be leveraged to get a sufficient cert generation capability into our codebase. | Agreed, I know we have some advanced long term goals, but I think just getting a basic tool in to begin with is important. Even if self-signing is all thats supported thats something. "scott.stark(a)jboss.org" wrote : | \Access to any raw attribute seems to exist. What is not generally available is a mechanism to control how to decode a given attribute. I would assume this is going to require ASN/DER classes (should exist in bc or even opends), along with a OID to format handler registry. The latter is core to ldap and so maybe we can leverage the opends schema handling pieces as a way to externalize the cert attribute handling as well. | Yes bc does have ASN/DER decoding: http://www.bouncycastle.org/docs/docs1.5/org/bouncycastle/asn1/package-su... If work starts in either of these areas I can try and get some time to work on this if needed. -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980162#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...