x509

public class CustomTrustManager implements X509TrustManager { private X509TrustManager trustManager; // If a connection was previously attempted and failed the certificate check, that certificate chain will be saved here. private Certificate[] rejectedCertificates = null; private Certificate[] encounteredCertificates = null; private KeyStore keyStore = null; private Logger logger; /** * Constructor * * @param loggerFactory * see {@link InstanceLoggerFactory} */ public CustomTrustManager(InstanceLoggerFactory loggerFactory) { try { this.logger = loggerFactory.getLogger(CustomTrustManager.class)

I would like to use python to create a CA certificate, and client certificates that I sign with it. I will be using these with OpenVPN. After several days of research, and trial and error, this is what I've come up with: #!/usr/bin/env python import os import sys import random from OpenSSL import crypto ########### # CA Cert # ########### ca_key = crypto.PKey() ca_key.generate_key(crypto.TYPE_RSA, 2048) ca_cert = crypto.X509() ca_cert.set_version(2) ca_cert.set_serial_number(random.randint(50000000,100000000)) ca_subj = ca_cert.get_subject() ca_subj.commonName = "My CA" ca_cert.add_extensions(

I'm having problems using openssl to create a x509 certificate containing a crl distribution point for testing. I've checked the documentation and found the configuration setting crlDistributionPoints for this purpose. Unfortunately openssl always generates x509 version 1 certificates without instead of version 3 certificates with the crl distribution point. I'm sure something is wrong with my command or the configuration but reading the documentation carefully and playing around with the configuration did not help. Other settings from the configuration file are considered so I'm sure the file

Background: I am writing a client utility which is capable of connecting to a remote server using SSL/TLS. The client uses OpenSSL to perform the SSL/TLS transactions and I would like to allow users to specify authorized CA Certs (in the case of self signed certs or private CA setups) used to sign the server's certificate. I plan on using the cert's fingerprint, common name, and validity dates to allow the user to quickly view the certs the client uses to validate servers. Question: How do you calculate the SHA1 hash/fingerprint of an X509 cert stored within a PEM file using C/C++/Objective-C?

I am running into an issue when managing openssl certificates from Java Framework. openssl x509 -subject_hash ... output differs to the one that Java framework returns when calling X509_NAME_hash() , see below. The reason for this is that openssl changed the way it calculates the SHA1. Now, instead of basing the hash in the ASN.1 DER representation of the subject, as it does for MD5, it first calculates the CANONICAL representation and then based on that, it calculates the ASN.1 DER, and then uses that as the input for the SHA1 algorithm. NativeCrypto.java : // --- X509_NAME ------------------