x509

I have a RemoteCertificateValidationCallback function called by SslStream.AuthenticateAsClient, which is passed an X509Certificate object. I'd like to extract the name from that certificate, such that had I passed that string into AuthenticateAsClient, it would have passed. (Assuming no other issues.) (Note: The Subject property contains the domain name, but it's inside a "CN=..., S=..." etc formatted string.) See also: How to extract CN from X509Certificate in Java? (Asks a similar question for Java, but I can't find similar classes for .NET mentioned in those answers.) (Followup to Eugene's

Hi I am a little new to all this openSSL and PEM stuf, so I thought I would ask you people here. I have a certificate in text(X509) format like this for example Certificate: Data: Version: 3 (0x2) Serial Number: 1f:19:f6:de:35:dd:63:a1:42:91:8a:d5:2c:c0:ab:12 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Thawte SGC CA,O=Thawte Consulting (Pty) Ltd.,C=ZA" Validity: Not Before: Fri Dec 18 00:00:00 2009 Not After : Sun Dec 18 23:59:59 2011 Subject: "CN=mail.google.com,O=Google Inc,L=Mountain View,ST=Californ ia,C=US" ............................................ ..............

I have a RSA Key and a X.509 Certificate which I use for SSL connections. The key and certificate are stored in files in PEM format (generated by OpenSSL) and used in an Apache HTTP server environment. Is there an easy way to validate if the key matches the certificate using only Java code (without executing the openssl binary and parsing the output), for example by using Java security and/or Bouncycastle library methods? The following code compares the SHA-1 over the modulus within the public and private key. The modulus should be unique for each pair (unless you key pair generation mechanism

I created a WCF service that has a method which makes a call to a SOAP web service over the internet. In order to make a call to the SOAP web service, it requires that an X.509 certificate be sent with the HttpWebRequest. The X.509 certificates are loaded in the Personal and Trusted Certificate store of the account which the service is running under. When the service account is logged into the server, everything works just fine. However, when the service account is not physically logged onto the server, it has problems loading up the X.509 certificate and fails authentication when trying to

I need to verify the domain of an X509 certificate using C-land OpenSSL. My understanding is that the library doesn't do this for me, and that I have to implement roughly the following algorithm: If the dnsName field of the subjectAlternativeName extension is present, set name to that value. Otherwise, set name to the CN field of the subject. Compare name against the requested hostname, allowing each asterisk to match [A-Za-z0-9_]+, but not 'dot' (.). It seems to me that there should be plenty of code kicking around to do this, but I haven't found any. Can anyone find an example of this? Or

Using the OpenSSL API, I have extracted a custom extension from a X.509v3 certificate with: X509_EXTENSION* ex = X509_get_ext(x509, 4); The X509_EXTENSION object contains a value (ex->value) that is an ASN.1 OCTET STRING. The OCTET STRING contains a DER encoded UTF-8 string. I'm trying to decode the OCTET STRING to get the plain UTF-8 string. I have tried a few things, such as: ASN1_STRING_to_UTF8(&buf, ex->value); and M_ASN1_OCTET_STRING_print(bio, ex->value); int len = BIO_read(bio, buf, buf_size); buf[len] = '\0'; These both give me the DER encoded string. How do I get the plain UTF-8