@@ -1536,8 +1536,8 @@ private void doGenCert(String alias, String sigAlgName, InputStream in, PrintStr
15361536 subjectPubKey ,
15371537 signerSubjectKeyId );
15381538 info .setExtensions (ext );
1539- X509CertImpl cert = new X509CertImpl ( info );
1540- cert . sign ( privateKey , sigAlgName );
1539+ X509CertImpl cert = X509CertImpl
1540+ . newSigned ( info , privateKey , sigAlgName );
15411541 dumpCert (cert , out );
15421542 for (Certificate ca : keyStore .getCertificateChain (alias )) {
15431543 if (ca instanceof X509Certificate xca ) {
@@ -1589,8 +1589,9 @@ private void doGenCRL(PrintStream out)
15891589 badCerts [i ] = new X509CRLEntryImpl (new BigInteger (ids .get (i )), firstDate );
15901590 }
15911591 }
1592- X509CRLImpl crl = new X509CRLImpl (owner , firstDate , lastDate , badCerts );
1593- crl .sign (privateKey , sigAlgName );
1592+ X509CRLImpl crl = X509CRLImpl .newSigned (
1593+ new X509CRLImpl .TBSCertList (owner , firstDate , lastDate , badCerts ),
1594+ privateKey , sigAlgName );
15941595 if (rfc ) {
15951596 out .println ("-----BEGIN X509 CRL-----" );
15961597 out .println (Base64 .getMimeEncoder (64 , CRLF ).encodeToString (crl .getEncodedInternal ()));
@@ -3228,8 +3229,8 @@ private void doSelfCert(String alias, String dname, String sigAlgName)
32283229 null );
32293230 certInfo .setExtensions (ext );
32303231 // Sign the new certificate
3231- X509CertImpl newCert = new X509CertImpl ( certInfo );
3232- newCert . sign ( privKey , sigAlgName );
3232+ X509CertImpl newCert = X509CertImpl . newSigned (
3233+ certInfo , privKey , sigAlgName );
32333234
32343235 // Store the new certificate as a single-element certificate chain
32353236 keyStore .setKeyEntry (alias , privKey ,
0 commit comments