x509

How to load Client certificate during ssl connection for mutual authentication?

淺唱寂寞╮ submitted on 2019-12-14 03:52:12
Question: I am not able to load client certificate on ssl connection, so that server can authenticate it. What may be the issue? LoadCertificates() function is working fine for loading server certificate. I am able to get server certificate on client end. But not able to get client certificate on server end. Also I want to verify that the certificates are signed by correct CA. I have CA certificate on both ends. Can I do that? //SSL-Client.c #include <stdio.h> #include <errno.h> #include <unistd.h>

How do you remove an extension from an X509?

旧城冷巷雨未停 submitted on 2019-12-14 02:32:15
Question: I am creating an api for modifying X509 certificates in C and I want to add a way to remove an extension (e.g. subjectNameAlt ). How would I do this via the OpenSSL API? Answer 1: Paul's answer is freeing a pointer returned from X509_get_ext, which the documentation explicitly says not to do. As stated by the documentation: X509v3_get_ext() [and X509_get_ext() ] retrieves extension loc from x . The index loc can take any value from 0 to X509_get_ext_count(x) - 1 . The returned extension is an

How to encrypt/decrypt XML with X.509 certificate correctly?

五迷三道 submitted on 2019-12-14 02:25:00
Question: I want to encrypt an XML file by using an X.509 certificate and also decrypt it, too. As far as I know I need to use the public key (inside the certificate) to encrypt the XML and the private key to decrypt the XML. Thus only the guy with private key is able to read the decrypted data. Microsoft provides some code for encryption/decryption here: Encryption: https://msdn.microsoft.com/en-us/library/ms229744(v=vs.110).aspx Decryption: https://msdn.microsoft.com/en-us/library/ms229943(v=vs.110)

Python 'requests' [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

我只是一个虾纸丫 submitted on 2019-12-14 02:19:39
Question: I have a problem verifying a HTTPS endpoint when providing a specific certificate path to the 'verify' option; setting 'verify' to true DOES work however: import requests def run_tests(): url="https://www.google.com" certfilename="google.crt" generate_cert_file( certfilename ) response = requests.get( url, verify=False ) print "URL:%s, Verify=False. Result: %s"%(url, response.status_code ) response = requests.get( url, verify=True ) print "URL:%s, Verify=True. Result: %s"%(url, response

Requested Extensions in CSR not being reflected in CRT

核能气质少年 submitted on 2019-12-13 17:15:02
Question: I have following CSR: Certificate Request: Data: Version: 0 (0x0) Subject: C=US, CN=www.example.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:e5:1d:a3:b2:47:1b:7c:05:f3:f3:36:b6:b2:0f: 79:27:0f:80:4c:39:1b:8c:6c:38:eb:43:f3:b4:33: f4:7a:c5:de:2c:f7:28:69:e5:d1:88:6b:41:6c:5f: b6:55:b5:2a:29:69:a4:da:fa:17:ac:6a:a0:5f:30: 9d:07:55:4f:52 ASN1 OID: prime256v1 NIST CURVE: P-256 Attributes: Requested Extensions: X509v3 Key Usage: critical Digital

Windows 2008R2 CA & OpenSSL CSR: Error parsing CSR ASN1 bad value met

纵饮孤独 submitted on 2019-12-13 16:32:56
Question: I am using the OpenSSL C API to build a CSR. The code is as follows: static void seedPRNG() { const int openSSLseedsize = 128; uint8_t *openSSLseed = NULL; openSSLseed = malloc(openSSLseedsize * sizeof(uint8_t)); //printf("%d\n\n", openSSLseedsize); // random number generator SecRandomCopyBytes(kSecRandomDefault, openSSLseedsize, openSSLseed); for (unsigned i = 0; i < openSSLseedsize; i++) { printf("%d", openSSLseed[i]); } printf("\n\n\n\n"); //seed openSSL random RAND_seed(openSSLseed, 128);

What is the point of the X509Store Constructor (String)?

回眸只為那壹抹淺笑 submitted on 2019-12-13 16:23:23
Question: It seems as though you can set up a valid X509Store object based on any string. eg. $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("abcdef") I originally was using $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("Cert:\CurrentUser\My") thinking I had a valid object for the My store, however I kept getting an exception when calling: $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::MaxAllowed) #Exception calling

Checking the signature of a CSR (X.509 certificate signing request)

淺唱寂寞╮ submitted on 2019-12-13 06:36:14
Question: Can someone please help me with the following question? I want to check that the signature on a CSR (X509 certificate signing request) is valid. I believe I know how to do this (as follows) but am not certain if my understanding is correct, and would be very grateful if someone could check/correct/confirm my method. I am using PowerShell (but understand the basic concepts of C# too). I have a text file on my hard drive, which is basically a base64 encoded CSR, called csr.txt. So in PowerShell I do the

How to sign X509 certificate requests by using java API?

妖精的绣舞 submitted on 2019-12-13 04:32:22
Question: My Java program should sign received X509 certificate requests by using its own key. Certificate requests are in PEM format. The key/certificate for signing is in the local Java key store. I have sought suitable classes from the java.security package, but without success. What classes of the Java API should be used for signing X509 certificates? I can convert PEM to DER, but decoding of DER causes problems. I have tried the following: BufferedInputStream bis = new BufferedInputStream(new

How to convert X509 certificate into PKCS7 using bouncycastle?

拟墨画扇 submitted on 2019-12-13 02:48:09
Question: Hi, all! My problem is the following: I'm trying to encrypt X509 certificate to PKCS7 but I receive a wrong result. The first attempt is (used bcmail-jdk16:1.46): Security.addProvider(new BouncyCastleProvider()); keystore = KeyStore.getInstance("PKCS12", "BC"); keystore.load (new FileInputStream(PATH+"//pkcs7-csr-cer//identity.p12"), "testpassword".toCharArray()); PrivateKey privateKey = (PrivateKey)keystore.getKey("testclientcert", "testpassword".toCharArray()); CMSSignedDataGenerator