x509

How to get the Root CA Certificate Fingerprint using openssl

一曲冷凌霜 提交于 2019-12-08 17:04:49
By using the following command, I can verify the sha1 fingerprint of the presented certificate: $ openssl s_client -connect hooks.slack.com:443 -showcerts < /dev/null 2>/dev/null | openssl x509 -in /dev/stdin -sha1 -noout -fingerprint SHA1 Fingerprint=AB:F0:5B:A9:1A:E0:AE:5F:CE:32:2E:7C:66:67:49:EC:DD:6D:6A:38 But what if I want to get the fingerprint of the Top Level Signing Authority? $ openssl s_client -connect hooks.slack.com:443 < /dev/null 2>/dev/null CONNECTED(00000003) --- Certificate chain 0 s:/C=US/ST=California/L=San Francisco/O=Slack Technologies, Inc/CN=*.slack.com i:/C=US/O

How to get the Root CA Certificate Fingerprint using openssl

a 夏天 提交于 2019-12-08 07:20:54
问题 By using the following command, I can verify the sha1 fingerprint of the presented certificate: $ openssl s_client -connect hooks.slack.com:443 -showcerts < /dev/null 2>/dev/null | openssl x509 -in /dev/stdin -sha1 -noout -fingerprint SHA1 Fingerprint=AB:F0:5B:A9:1A:E0:AE:5F:CE:32:2E:7C:66:67:49:EC:DD:6D:6A:38 But what if I want to get the fingerprint of the Top Level Signing Authority? $ openssl s_client -connect hooks.slack.com:443 < /dev/null 2>/dev/null CONNECTED(00000003) --- Certificate

How is the CSR signature constructed?

[亡魂溺海] 提交于 2019-12-08 06:09:08
问题 I am trying to generate a CSR (Certificate Signing Request) in an embedded device. I have implemented some OpenSSL functions in one embedded device. Unfortunately I only have a few functions available. So far I've been able to generate an RSA private key and now I need to generate the CSR. My library does NOT have any of the functions such as X509_REQ_new() , X509_REQ_get_subject_name() etc. Therefore I'm building the CSR by means of creating a DER file directly. The CSR in DER format is

How to instantiate X509Certificate from a P12 file in Blackberry

拟墨画扇 提交于 2019-12-08 05:20:40
问题 I have a valid P12 file. I need to instantiate an X509certificate object, so that I can use it as a client side certificate. I realize that there is already a similar question answered here, How to instantiate javax.security.X509Certficate object from a p12 certificate (contains certificate + private key) But in Blackberry, the getInstance(String) method is not available for KeyStore. It's available for DeviceKeyStore and TrustedKeyStore. But we can't pass the "PKCS12" parameter to the

How does this code extract the signature?

余生长醉 提交于 2019-12-08 03:02:48
问题 I have to debug an old PHP script from a developer who has left the company. I understand the most part of the code, except the following function. My question: What does... if($seq == 0x03 || $seq == 0x30) ...mean in context of extracting the signature out of an X.509 certificate? public function extractSignature($certPemString) { $bin = $this->ConvertPemToBinary($certPemString); if(empty($certPemString) || empty($bin)) { return false; } $bin = substr($bin,4); while(strlen($bin) > 1) { $seq

Loading the Jira Public Certificate in .Net from a string (how to convert ASN.1 encoded SubjectPublicKeyInfo to X509 Cert in .Net)

不打扰是莪最后的温柔 提交于 2019-12-07 14:48:18
问题 I am building an oauth 1.0a service that will be consumed by a gadget within Jira, it's a .Net 3.5 Application written in C#. Jira makes requests to this service using the RSA-SHA1 signature method, which means to verify the signature of the request I need create an X509Certificate instance form their public cert. Within the Jira application you can get the public cert by going to the consumer info screen (which also has the consumer key for Jira etc.) and it presents the public key in this

creating PKCS12 at runtime on iOS without using openssl

若如初见. 提交于 2019-12-07 14:39:03
问题 My iOS app is handling x509 certificates + keys (DER encoded) at runtime. The only way I am able to successfully import them into the keychain is to use PKCS12 using the function: SecPKCS12Import() I have been trying hard to get it running using only SecItemAdd() . I used that function for the DER encoded certificate and again for the DER encoded key. But even though the call return with success, querying the keychain afterwards didn't yield a SecIdentityRef . So I ended up using the OpenSSL

X.509v3 ASN.1 to C datastructs

杀马特。学长 韩版系。学妹 提交于 2019-12-07 12:59:51
问题 I'm trying to create a X509 Request for a Proxy Certificate (ProxyCertInfo Extension RFC3820) in C (OpenSSL), but I cannot figure out how the datastructures of the ProxyCertInfo should be defined. The RFC defines the ASN.1 language as follows: PKIXproxy88 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) proxy-cert-extns(25) } DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS ALL -- -- IMPORTS NONE -- -- PKIX specific OIDs id-pkix OBJECT

C# Certificate generation framework

南笙酒味 提交于 2019-12-07 12:23:00
问题 Does anyone know a C# framework that can generate public/private keys, X.509 certificates and sign those certificates? 回答1: BouncyCastleCrypto, as crazy of a name it is, I am pretty sure has all of these capabilities. Just about all of the RFC standards are implemented. When I used it a few years ago it was poorly documented, but the unit testing was very thorough, so much so that you could search around for certain key words like "509" and find unit tests that are exercising the part of the

X509 subject alternative name (subjectAltName) IP address field

家住魔仙堡 提交于 2019-12-07 12:10:28
问题 X509v3 can contain IP address field in subject Alternative Name extension. As an application verifying the server's identity, how should the IP address field be validated? If both DNS name and IP address are present? Is there a preference of one over the another? What is the use of dirName field? 回答1: I read RFC 2818 earlier but must have missed this part. In some cases, the URI is specified as an IP address rather than a hostname. In this case, the iPAddress subjectAltName must be present in
订阅 x509