x509

问题 I was trying to copy this line openssl smime -sign -signer <chain_crt_file> -in <infile> -out <outfile> -inkey <privatekey> -outform der into C# However it didn't turn out to be as easy as I thought. So far I came only this point OpenSSL.Core.BIO crtBio = OpenSSL.Core.BIO.File("C:/asl/chain.crt", "r"); OpenSSL.Core.BIO keyBio = OpenSSL.Core.BIO.File("C:/asl/keydec.txt", "r"); OpenSSL.X509.X509Chain crt = new OpenSSL.X509.X509Chain(crtBio); OpenSSL.Crypto.RSA key = OpenSSL.Crypto.RSA

问题 I'm trying to write a WinRT application which communicates with Windows Azure's management APIs. In order to do this, a certificate has to be uploaded which meets certain requirements and is then used by the application to authenticate requests. To make for a better user experience, I want to be able to generate the certificate for them and configure the application to use the certificate. Normally, I would reach for the System.Security.Cryptography namespace, but it would appear to be

问题 This question already has an answer here : Closed 8 years ago . Possible Duplicate: Generated signed X.509 client certificate is invalid (no certificate chain to its CA) I followed the example at: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation But the resulting signed client certificate has the following error when opened in windows: "This file is invalid for use as the following: Security Certificate" If I install it anyway and

问题 i have a usb cryptotoken and able to sign data and pack it in pkcs file. then i can extract certificate and data from that file using openssl as follows: openssl cms -verify -in signature.p7s -inform DER -noverify -outform DER -signer cert.pem -out textdata so my question is how to do the same using python (pyopenssl)? i've tried to do as described here, but there is different case - i have attached signature and do not have separate signature and certificate file - i have ASN.1 encoded file,

问题 I'm trying to have a specific page on my site only accessible to people after X.509 authentication. Catch is, I want it to be available to all clients who have a matching certificate issued by a specific Intermediate CA (I intend to have a few Intermediate CAs underneath a self-generated Root CA, but only a client certificate issued by one specific Intermediate CA can access this page). Is this possible using PHP? Let me know if I need to elaborate further, and I'll try and add more detail.

问题 Starting August 15 2015, the GSX webservices from Apple will be upgraded to a more secure version, requiring a clientside SSL certificate for each request. What steps do I need to take to connect to this New Generation webservice using the WCF framework with C#.NET? The documentation from Apple states the first step is to generate a CSR (Certificate Signing Request), send this to Apple and they will return a certificate to secure the future connections with. How can I generate this CSR? What

问题 In the common name field of the DN of a X509 certificate, as defined in ASN.1 notation for OID "2.5.4.3", the limit is up to 64 characters. Is there any turnaround if we want to have a common name of more than 64 characters? 回答1: Even if you could cajole your certificate generation code to have a longer CN, it's also the clients that will need to change, of which most you have no control over. Clients could well reject a certificate with a too-long CN and then you'll have no certificate at

问题 I need to add PEM type certificates from memory, which means I can't use the built in read-from-file helpers. My problem is that there's no documentation on how to free up memory afterwards. Now my best guess is as follows: SSL_CTX_use_certificate(): //X509 structure SHOULD be freed using X509_free(), as in SSL_CTX_use_certificate_file() SSL_CTX_use_PrivateKey() // EVP_KEY structure SHOULD be freed using EVP_KEY_free(), as in SSL_CTX_use_PrivateKey_file() SSL_CTX_add_extra_chain_cert() //

问题 This works perfectly in command-line, I would like to do the same using M2Crypto in Python code. openssl smime -binary -sign -signer certificate.pem -inkey key.pem \ -in some_file.txt -out signed_file -outform DER \ -passin pass:somepassword 回答1: This is how I have been using M2Crypto to sign a file. text = open('/path/to/some_file.txt').read() passphrase = 'somepassword' buffer = M2Crypto.BIO.MemoryBuffer(text) signer = M2Crypto.SMIME.SMIME() signer.load_key('/path/to/key.pem', '/path/to

问题 I want to read the Key usage field in a certificate .is there an API is available in openssl ? 回答1: You can try using the following command in openssl. openssl x509 -in <certificate to check> -purpose -noout -text This would print out the list of certificate purpose and the certificate itself. 回答2: The previous solutions you need to find inside the result file/output the string "Key Usage". I got the following solution which brings exactly the String inside the Key Usage X509 certificate.