I am using following code to generate root CA:
public static X509Certificate buildRootCert(KeyPair keyPair)
throws Exception {
X509v1CertificateBuilder certBldr = new JcaX509v1CertificateBuilder(
new X500Name("CN=Root"),
BigInteger.valueOf(1),
new Date(System.currentTimeMillis()),
new Date(System.currentTimeMillis() + 1000 * 3600 * 24),
new X500Name("CN=Root"), keyPair.getPublic());
ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA")
.setProvider("BC").build(keyPair.getPrivate());
return new JcaX509CertificateConverter().setProvider("BC")
.getCertificate(certBldr.build(signer));
}
After that I need 2 more steps to have CA Cert
PEMWriter
root.crt
file.Windows recognizes it as CA Certificate and shows warning ...this certifiacate is not trusted..., but when I am trying to install this cert to Android it shows
The package contains: one user certificate
Installation is proceeded but cert is not present in user trusted list
Is this correct way to generate self-signed CA?
I have added basic constraints and it started to recognize it as a CA.