I'm building a mini-CA. I'm trying to accept the PEM-respresentation of a user's certification request (which was made from keytool), and use it to generate a certificate. However, when I try to instantiate a PKCS10CertificationRequest using the byte array constructor (the byte array comes from reading the certification request into an array of bytes), I get the following error:

Exception in thread "main" java.lang.IllegalArgumentException: badly encoded request
    at org.bouncycastle.jce.PKCS10CertificationRequest.to DERSequence(Unknown Source)
    at org.bouncycastle.jce.PKCS10CertificationRequest.<i nit>(Unknown Source)


Any suggestions on how to get beyond this? I need the mini-CA to accept PEM-encoded certification requests created separately by an end user whether by copy & paste into a textbox or file upload or whatnot. I do not want to use Bouncy Castle to create the initial certification request.

Are you base64 decoding the byte array before passing it in? The constructor expects to receive an ASN.1 encoded array.

If you are using PEM you might also want to look at the classes in the package org.bouncycastle.openssl

Regards,

David

Thanks for your quick reply. I had been doing the base64 decoding, but I had also forgotten to strip out the first and last ascii header and footer lines. Now it works much better.