x509

Using a X509 certificate for decryption

六月ゝ 毕业季﹏ submitted on 2020-06-29 12:05:36
Question: I have some data of an X509v3 certificate that is used at a central licensing station. My question is: is the following amount of information enough for me to decrypt data using C# code? And additionally, how are the certificate properties imported into a project? Do I have to create a certificate file in order to go on? Known to me are:
    Subject
    Serial Number
    Issuer "root-ca"
    Public Key Algorithm: "rsaEncryption"
    RSA Modulus, 128 bytes
    RSA Public Key Exponent
    X509v3 Extended Key Usage:

On certificates, what type should E-mail addresses be when in subjectAltName

心不动则不痛 submitted on 2020-06-12 04:07:48
Question: Little bit of background: I'm building a certificate authority using M2Crypto and Django, so please think twice before voting to close this as off topic! :) My approach is that end-users are identified by e-mail addresses and their self-signed trust-anchors are issued obviously by themselves, but how should I store their 'identity'? I've seen many certificates out there in the wild where the practice has been to store mail addresses as subjectAltName = rfc822:user@domain.test, but googling

On certificates, what type should E-mail addresses be when in subjectAltName

主宰稳场 submitted on 2020-06-12 04:05:40
Question: Little bit of background: I'm building a certificate authority using M2Crypto and Django, so please think twice before voting to close this as off topic! :) My approach is that end-users are identified by e-mail addresses and their self-signed trust-anchors are issued obviously by themselves, but how should I store their 'identity'? I've seen many certificates out there in the wild where the practice has been to store mail addresses as subjectAltName = rfc822:user@domain.test, but googling

Nginx - how to access Client Certificate's Subject Alternative Name (SAN) field

不羁的心 submitted on 2020-05-26 09:46:24
Question: I have an Nginx server which clients make requests to with a client certificate containing a specific CN and SAN. I want to be able to extract the CN (Common Name) and SAN (Subject Alternative Names) fields of that client cert. Rough example config:

    server {
        listen 443 ssl;
        ssl_client_certificate /etc/nginx/certs/client.crt;
        ssl_verify_client on; #400 if request without valid cert
        location / {
            root /usr/share/nginx/html;
        }
        location /auth_test {
            # do something with the CN and SAN.
            # tried

Put signature on a X509 certificate

随声附和 submitted on 2020-05-13 11:49:12
Question: I'm building an X509 using the openssl API... I want to sign this certificate using a 3rd party API which receives a char* with the data to sign (also a few parameters to see which private key to use) and returns the signature. What I want to ask is if there is a function in openssl which puts the signature, because X509_sign() does a lot of things but needs the private key... I have an approach for doing that but I want to know if I'm missing something in the X509_INFO part and if I'm setting the

Put signature on a X509 certificate

痴心易碎 submitted on 2020-05-13 11:47:57
Question: I'm building an X509 using the openssl API... I want to sign this certificate using a 3rd party API which receives a char* with the data to sign (also a few parameters to see which private key to use) and returns the signature. What I want to ask is if there is a function in openssl which puts the signature, because X509_sign() does a lot of things but needs the private key... I have an approach for doing that but I want to know if I'm missing something in the X509_INFO part and if I'm setting the

Go: How do I add an extension (subjectAltName) to a x509.Certificate?

走远了吗. submitted on 2020-05-12 02:51:48
Question: I'm creating a CA cert. And I'd like to add the subjectAltName extension with some values like email or crl or public cert location and so on.

    package main

    import (
        "crypto/rand"
        "crypto/rsa"
        "crypto/x509"
        "crypto/x509/pkix"
        "encoding/asn1"
        "encoding/pem"
        "fmt"
        "math/big"
        "os"
        "time"
        //"net"
        //"strconv"
    )

    func main() {
        template := x509.Certificate{}
        template.Subject = pkix.Name{
            Organization: []string{"domain.tld", "My Name"},
            StreetAddress: []string{"Whatever. 123"},
            PostalCode: []string{

How to construct Pkcs12Store from X509Certificate2

Deadly submitted on 2020-04-16 04:52:22
Question: I have an object of System.Security.Cryptography.X509Certificates.X509Certificate2. I want to construct an instance of Pkcs12Store (Org.BouncyCastle.Pkcs) using this object. I tried:

Approach 1:

    public Pkcs12Store GetPkcs12Store(X509Certificate2 cert, string password)
    {
        byte[] rawdata = cert.RawData;
        MemoryStream memStream = new MemoryStream(rawdata);
        Pkcs12Store pk12;
        pk12 = new Pkcs12Store(memStream, password.ToCharArray());
        return pk12;
    }

In this approach, I am getting the exception:

Apache httpd: How to trust specific client certificates?

假如想象 submitted on 2020-04-08 10:12:41
Question: How can I configure the Apache httpd to trust specific client certificates? We need to restrict the access to a webservice to a specific (known) partner's servers. We planned to use a CA-based solution for this (a trusted CA which would only sign trustworthy CSRs as we accepted them); however, our company's CA will not create certificates for external companies. In order to establish the secured connection anyway, until the necessary PKI is ready, we wanted to configure specific client

Signing certificate with another certificate signed by CA

落花浮王杯 submitted on 2020-03-13 07:31:10
Question: Is it possible to sign a new certificate using a certificate signed by a CA as the CA for other certificates and still have them validated by the root CA? Example:

    # create new key
    openssl genrsa -des3 -out server.key 2048
    openssl req -new -key server.key -out server.csr
    ....
    # send csr to ca for signing
    ....
    # now what if we make a new key and sign it with the received crt?
    openssl genrsa -des3 -out newkey.key 2048
    openssl req -new -key newkey.key -out newkey.csr
    openssl x509 -req -in newkey