x509

问题 Let's say I have three certificates (in Base64 format) Root | --- CA | --- Cert (client/signing/whatever) How can I Get the data from certificate chain in C#? (All those three certs may be in my computer cert store) How can I Get the details from Root-CA-Cert certificate (x509) chain using c#? 回答1: How can I Get the data from certificate chain in C#? ... How can I Get the details from Root-CA-Cert certificate (x509) chain using c#? You can use .Net's X509Certificate Class. It has methods like

问题 Is it possible to set x509 v3 extended attribute for subjectAltName on a CSR? I am able to successfully generate a CSR, and then pass that to a CA to sign. The CA is able to call functions like X509->setDomain("bob.com","*.bob.com","asdf.org"); and they appear in the final cert without issue (note: i am doing the sign, reload, set extensions, resign workaround for phpseclib). The CSR process calling the same functions $X509->setExtension("id-ce-subjectAltName",array("names","here") ) or $X509

问题 I am running into an issue when managing openssl certificates from Java Framework. openssl x509 -subject_hash ... output differs to the one that Java framework returns when calling X509_NAME_hash() , see below. The reason for this is that openssl changed the way it calculates the SHA1. Now, instead of basing the hash in the ASN.1 DER representation of the subject, as it does for MD5, it first calculates the CANONICAL representation and then based on that, it calculates the ASN.1 DER, and then

问题 So, I have a wildcard certificate which is signed by a respectable CA that all browsers recognize (Equifax). This certificate is valid for *.mydomain.com and works well. Now, what I would like to do is use this cert to sign a certificate for a subdomain like something.mydomain.com -- I don't want to use my main (wildcard) certificate for this sublocation for security reasons. Here is a diagram of the certificate chain I am looking to achieve : Equifax CA ==1==> *.mydomain.com ==2==> something

问题 java.lang.IllegalArgumentException at sun.security.provider.certpath.AdaptableX509CertSelector.setSerialNumber(AdaptableX509CertSelector.java:107) at java.security.cert.X509CertSelector.(X509CertSelector.java:283) at sun.security.provider.certpath.AdaptableX509CertSelector.(AdaptableX509CertSelector.java:50) at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:93) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate

问题 I have a certificate chain in server: Certificate chain 0 s:/******/O=Foobar International BV/OU**** i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/**** i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=**** - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=**** - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority And my local root CA certificate is: s:/C=US/O=Symantec

问题 We have a web service that exchanges data via XML document with a vendor. Each vendor needs to digitally sign the XML document to ensure the integrity of the data transmitted for audit purposes. I am unclear as to which type of certificate I need to buy from the major third-party CA's to meet this requirement? Code signing seems to be the right approach, but XML is not listed on any of the sites. Can anyone provide some guidance on this? 回答1: You need an X.509 certificate (they're all X.509

问题 I want to check for different authentication methods for different endpoints. Methods i want to use are x509 and jwt. I need to use only x509 for certain endpoint and use JWT for all other requests. Here's my web security configuration: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Configuration @Order(1) public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{

问题 I am trying to set up my Signature for a SOAP message. The only part I have left is to populate KeyInfo as such: > <KeyInfo> > <wsse:SecurityTokenReference> > <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</wsse:KeyIdentifier> > </wsse:SecurityTokenReference> > </KeyInfo> I have tried a number of methods, but I have been unable to achieve this using KeyInfo and

问题 I have implemented JWT token generator library from Here, and i am able to get RS256 Token (Payload). But i am having issue with Header data: I need one header value "x5t", which is not generated from the given library. I need header data like: { "typ": "JWT", "alg": "RS256", "x5t": "COm8ON2SD2MTc5jwcxZ0vE3-XJo" } I am getting first two parameter successfully, but not able to get valid third parameter. My Sample code is : $fingerprint = str_replace("SHA1 Fingerprint=", '', system('openssl