x509

问题 I am Authenticating all my users through a Microsoft product using SAML 2.0 with a X509 Certificate. The certificate is close to expiration, and I am not sure if after the certificate expires, my Service Providers will continue accepting my tokens. I am very VERY new to SAML and SSO in general, so my apologies for not using the right terms. 回答1: If your Service Providers are compliant to the specification they will stop processing your SAML messages (Responses) once your signing certificate

问题 Update: I have rewritten the sample code and the CSR is very close to the actual openssl created CSR (only missing the CA:False extended attribute) I have a CA already and would like to dynamically generate user certs for enrolling authorized devices with phpseclib. I know the logic is a little cloudy, this code was pieced together from a variety of different examples: <?php $USERNAME = "tester"; $DEVICENAME = "command"; $PASSWORD = "test"; $ID = 123; require_once("config.inc.php"); // Sets

问题 I am working with Web::ID and have some questions. From the FAQ for Web::ID: How can I use WebID in Perl? [...] Otherwise, you need to use Web::ID directly. Assuming you've configured your web server to request a client certificate from the browser, and you've managed to get that client certificate into Perl in PEM format, then it's just: my $webid = Web::ID->new(certificate => $pem); my $uri = $webid->uri; And you have the URI. Anyway I'm stuck at the .. get that client certificate into Perl

问题 I have p12 file, where I should get X.509 Certificate. In order to work with this file I use forge library: var forge = require('node-forge'); var fs = require('fs'); var keyFile = fs.readFileSync("/path/to/p12/file.p12", 'binary'); var p12Asn1 = forge.asn1.fromDer(keyFile); var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, 'password'); var bags = p12.getBags({bagType: forge.pki.oids.certBag}); var cert = bags[forge.pki.oids.certBag][0]; console.log(cert); Console outputs to me this kind of

问题 I'm working in Go 1.6 on Windows and trying to export a certificate container to a PFX (the ultimate goal here is to access an exportable private key from the certificate store). I have opened a memory store and inserted a certificate into the store: var storedCertCtx *syscall.CertContext storeHandle, err := syscall.CertOpenStore(syscall.CERT_STORE_PROV_MEMORY, 0, 0, syscall.CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG, 0) err = syscall.CertAddCertificateContextToStore(storeHandle, certenum,

问题 I have a use case for a .NET application that stores certificates in a database. One of the requirements is for the application to reject certificates that contain private keys. The user will upload a certificate file (specifically .CER or .CRT) and the application will import it as an X509Certificate2 object so that I can check the HasPrivakeKey property. I know that .PFX files can contain private keys, but is it possible for .CER or .CRT files to also contain private keys? If so, how can I

问题 I have this Helper Method: CngKeyCreationParameters keyParams = new CngKeyCreationParameters(); keyParams.KeyCreationOptions = CngKeyCreationOptions.None; keyParams.KeyUsage = CngKeyUsages.Signing; keyParams.Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider; keyParams.ExportPolicy = CngExportPolicies.AllowExport; String newguid = Guid.NewGuid().ToString(); CngKey newKey = CngKey.Create(CngAlgorithm2.Rsa, keyParams); ... When I debug (my local machine), everything is OK, but in the

问题 I"m trying to build the header in Java with no luck. (here is the spec: https://developer.chrome.com/extensions/crx) Any ideas? protected void geneateCrxHeader (OutputStream ins,byte[] zipArchive) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeyException, SignatureException{ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random); KeyPair pair = keyGen

问题 I need sign data with certificate. My method to sign: private static string CreateSignature(string signatureString) { SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider(); X509Certificate2 cert = new X509Certificate2(HttpContext.Current.Server.MapPath("~/eCommerceConnectCrfs/test-server.cert"), "password"); RSACryptoServiceProvider rsaCryptoIPT = (RSACryptoServiceProvider)cert.PrivateKey; ASCIIEncoding encoder = new ASCIIEncoding(); byte[] binData = encoder.GetBytes

问题 Is it possible to use jsrsasign to extract the fingerprint of an x.509 certficate, similar to what can be achieved using this openssl command: openssl x509 -sha1 -in cert.pem -noout -fingerprint - Ref: openssl x.509 doc I'm reading my X509 like so: var c = new X509(); c.readCertPEM(cert); \\ how to get the fingerprint? Ref: jsrsasign x.509 apidoc 回答1: You just need to extract the string from between the "-----BEGIN CERTIFICATE-----" header and "-----END CERTIFICATE----- " footer, base64