Tags: java, certificate, x509certificate, pki, csr

Generating a PKCS10 Certificate request with extra fields in java


I need to add extra fields in the CSR, like keyUsage, registrationID etc. I am using Java IBM SDK 6.0. I've gone through the X500Name APIs and could not find any solution. Help on APIs would be appreciated. Thanks in advance.


Solution

  • The standard way to include additional information in a CSR (PKCS#10) request is by adding Attributes. According to the PKCS#10 standard:

    The intention of including a set of attributes is twofold: to provide other information about a given entity, or a "challenge password" by which the entity may later request certificate revocation; and to provide attributes for inclusion in X.509 certificates. A non-exhaustive list of attributes is given in PKCS #9.

    An attribute is an OID and a value whose meaning depends on the OID.

    Actually PKCS#9 defines 3 attributes:

    • Challenge password
    • Extension request
    • Extended-certificate attributes (this is deprecated)

    The one you are looking for is Extension request:

    The extensionRequest attribute type may be used to carry information about certificate extensions the requester wishes to be included in a certificate.

    This code template (not tested) may give you some hints on how to include this attribute:

    import java.io.ByteArrayOutputStream;
    import com.ibm.security.pkcs10.CertificationRequest; // IBM SDK package names assumed; Sun/Oracle JDKs ship a similar sun.security.pkcs.PKCS10Attribute
    import com.ibm.security.pkcs10.CertificationRequestInfo;
    import com.ibm.security.pkcsutil.PKCSAttribute;
    import com.ibm.security.pkcsutil.PKCSAttributes;
    import com.ibm.security.util.DerValue;
    import com.ibm.security.util.ObjectIdentifier;
    import com.ibm.security.x509.CertificateExtensions;

    CertificateExtensions exts = /* build the extensions set you want to include */
    /* DER-encode the Extensions SEQUENCE, then wrap it in the SET OF that carries an attribute's values */
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    exts.encode(out);
    DerValue val = new DerValue(DerValue.tag_SetOf, out.toByteArray());
    /* 1.2.840.113549.1.9.14 = pkcs-9-at-extensionRequest (PKCS#9) */
    PKCSAttribute extReq = new PKCSAttribute(new ObjectIdentifier("1.2.840.113549.1.9.14"), val.toByteArray());
    PKCSAttributes attrs = new PKCSAttributes(new PKCSAttribute[] { extReq });
    CertificationRequestInfo cri = new CertificationRequestInfo(subject, key, attrs);
    CertificationRequest csr = new CertificationRequest(cri);


    Please note that unless the CA explicitly announces that this PKCS#10 attribute is supported, it will be ignored during certificate generation.
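An added example, not part of the answer above, showing the exact bytes the template is assembling: the pkcs-9-at-extensionRequest attribute (OID 1.2.840.113549.1.9.14) whose single value is an Extensions SEQUENCE wrapped in a SET OF. It is written in plain Python rather than against the IBM SDK so it runs without that JDK, and it parses the attribute back the way a CA (or a pre-submission check) would. The OIDs come from PKCS#9 and RFC 5280; the key-usage bits and the DNS name are constructed sample input.

```python
"""Encode and decode a PKCS#9 extensionRequest attribute for a PKCS#10 CSR.

DER structures (PKCS#9 / RFC 5280):
  Attribute  ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
  Extensions ::= SEQUENCE OF Extension
  Extension  ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
"""

OID_EXTENSION_REQUEST = "1.2.840.113549.1.9.14"  # pkcs-9-at-extensionRequest
OID_KEY_USAGE = "2.5.29.15"                      # id-ce-keyUsage
OID_SUBJECT_ALT_NAME = "2.5.29.17"               # id-ce-subjectAltName

# Universal DER tags, plus the context tag for GeneralName dNSName [2] IMPLICIT IA5String
SEQUENCE, SET, OID, BOOLEAN, OCTET_STRING, BIT_STRING, DNS_NAME = 0x30, 0x31, 0x06, 0x01, 0x04, 0x03, 0x82


def der_length(n):
    """Definite-form length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:                      # base-128, high bit set on all but the last byte
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(groups)
    return tlv(OID, bytes(body))


def key_usage(bit_positions):
    """KeyUsage BIT STRING (RFC 5280 4.2.1.3): bit 0 = digitalSignature, 2 = keyEncipherment.
    DER drops trailing zero bits, so the leading byte counts the unused bits."""
    highest = max(bit_positions)
    value = bytearray(highest // 8 + 1)
    for b in bit_positions:
        value[b // 8] |= 0x80 >> (b % 8)
    return tlv(BIT_STRING, bytes([len(value) * 8 - (highest + 1)]) + bytes(value))


def extension(oid, critical, value):
    body = encode_oid(oid)
    if critical:                               # DEFAULT FALSE: DER omits the BOOLEAN when false
        body += tlv(BOOLEAN, b"\xff")
    return tlv(SEQUENCE, body + tlv(OCTET_STRING, value))


def extension_request_attribute(extensions):
    """The Attribute to place in CertificationRequestInfo.attributes: the whole
    Extensions SEQUENCE is the one element of the attribute's SET OF values."""
    exts = tlv(SEQUENCE, b"".join(extensions))
    return tlv(SEQUENCE, encode_oid(OID_EXTENSION_REQUEST) + tlv(SET, exts))


def read_tlv(buf, pos=0):
    tag, pos = buf[pos], pos + 1
    length, pos = buf[pos], pos + 1
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40] if body[0] < 80 else [2, body[0] - 80]
    acc = 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_extension_request(attr):
    """Return [(extnID, critical, extnValue), ...]; raise ValueError on anything else."""
    tag, body, end = read_tlv(attr)
    if tag != SEQUENCE or end != len(attr):
        raise ValueError("attribute is not a single SEQUENCE")
    tag, oid_body, pos = read_tlv(body)
    if tag != OID or decode_oid(oid_body) != OID_EXTENSION_REQUEST:
        raise ValueError("not pkcs-9-at-extensionRequest")
    tag, values, _ = read_tlv(body, pos)
    if tag != SET:
        raise ValueError("attribute values must be a SET OF")
    tag, exts, _ = read_tlv(values)
    if tag != SEQUENCE:
        raise ValueError("attribute value must be an Extensions SEQUENCE")
    result, pos = [], 0
    while pos < len(exts):
        _, ext, pos = read_tlv(exts, pos)
        _, oid_body, p = read_tlv(ext)
        tag, val, p = read_tlv(ext, p)
        critical = False
        if tag == BOOLEAN:                     # optional, present only when TRUE
            critical = val == b"\xff"
            tag, val, p = read_tlv(ext, p)
        result.append((decode_oid(oid_body), critical, val))
    return result


if __name__ == "__main__":
    attr = extension_request_attribute([
        extension(OID_KEY_USAGE, True, key_usage([0, 2])),   # digitalSignature | keyEncipherment
        extension(OID_SUBJECT_ALT_NAME, False, tlv(SEQUENCE, tlv(DNS_NAME, b"example.com"))),
    ])
    print(attr.hex())
    for oid, crit, val in parse_extension_request(attr):
        print(oid, "critical" if crit else "non-critical", val.hex())
```

The bytes returned by `extension_request_attribute` are what the Java template's `PKCSAttribute` ends up carrying: OID, then a SET OF containing one Extensions SEQUENCE, which is why the template wraps the encoded extensions in `DerValue.tag_SetOf` before building the attribute. As the answer notes, the CA decides whether to honour any of this; a CA that does not process extensionRequest will silently issue without the requested extensions, so check the issued certificate rather than the CSR.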