x509

问题 I am building a command line script to create a client certificate using OpenSSL "mini CA" feature. I have a CA certificate and CA private key encrypted with a password . With those things I am trying to create the client certificate and stumbled upon the command line syntax. How do I specify the password for the CA's private key? So far, I have ... openssl x509 -req -in client.csr -signkey client.key -passin pass:clientPK -CA client-ca.crt -CAkey client-ca.key -CAkeypassin pass:client-caPK <

问题 Is there any easy way to get the complete subject DN (or issuer DN) from an x509 certificate in go as a string? I was not able to find any methods like ".String()" in pkix.Name 回答1: Solution (thanks to a colleague): var oid = map[string]string{ "2.5.4.3": "CN", "2.5.4.4": "SN", "2.5.4.5": "serialNumber", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST", "2.5.4.9": "streetAddress", "2.5.4.10": "O", "2.5.4.11": "OU", "2.5.4.12": "title", "2.5.4.17": "postalCode", "2.5.4.42": "GN", "2.5.4.43":

问题 Does anyone know of any good tutorials, sites, and or books on writing a SSL checker in Java? I'm trying to do what can be found here: http://www.sslshopper.com/ssl-checker.html . I'm not trying to create a self signed cert or use a a keystore. I want to be able to go out to any site determine if a valid SSL Certificate exists, determine if the hostname on the Cert matches the named entered, and determine when this Cert will expire. I have googled this topic but "How to create a SSL shopper

问题 through the bouncycastle wiki page I was able to understand how to create a X.509 root certificate and a certification request, but I do not quite understand how to proceed concept- and programming wise after that. Lets assume party A does a cert request and gets his client certificate from the CA. How can some party B validate A's certificate? What kind of certificate does A need? A root certificate? A 'normal' client certificate? And how does the validation work on programming level, if we

问题 My .NET exe is signed using signtool. Using this code, I can verify the validity of the certificate itself: var cert = X509Certificate.CreateFromSignedFile("application.exe"); var cert2 = new X509Certificate2(cert.Handle); bool valid = cert2.Verify(); However, this only checks the certificate itself, and not the signature of the EXE. Therefore, if the EXE is tampered with, this method doesn't detect it. How can I check the signature? 回答1: You need to call (P/Invoke) WinVerifyTrust() function

问题 Is there some high level way to write an X509Certificate into a PEM formatted string? Currently I'm doing x509cert.encode() to write it into a DER formatted string, then base 64 encoding it and appending the header and footer to create a PEM string, but it seems bad. Especially since I have to throw in line breaks too. 回答1: This is not bad. Java doesn't provide any functions to write PEM files. What you are doing is the correct way. Even KeyTool does the same thing, BASE64Encoder encoder =

问题 We're trying to generate an X509 certificate (including the private key) programmatically using C# and the BouncyCastle library. We've tried using some of the code from this sample by Felix Kollmann but the private key part of the certificate returns null. Code and unit test are as below: using System; using System.Collections; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Generators; using Org.BouncyCastle.Crypto

问题 I found many answers towards convert from pem to der . However, I cannot find ways to convert der to pem . for example, the following codes generates der encoded file pkcs10.cer public static void main(String[] args) throws Exception { X509Certificate[] chain = buildChain(); PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(System.out)); pemWrt.writeObject(chain[0]); FileWriter fwO = new FileWriter("pkcs10.cer"); fwO.write((chain[0]).toString()); fwO.close(); pemWrt.close(); } Like, [0]

问题 I have created a root CA(CA-R) and two intermediary CA's(CA-I1 & CAI2)(all self-signed). Using CA-I1, I generated a private key for a server1/client1, CSR & created the certs. Installed the certs for Server1(Apache2) and client1.Im successfully able to connect to the server1 using my client1(python client). Here is the chain -> client1->server1->CA-I1->root CA Using CA-I2, I generated a private key for a server2/client2, CSR & created the certs. Installed the certs for Server2(Apache2) and

问题 I'm trying to develop a FF extension that calls nsIX509CertDB.nsIX509CertDB. When calling this function from a xpcshell I alwas receive a error 0x80004005 (NS_ERROR_FAILURE). I suspect it to be failing since in a xpcshell environment I can not be prompted for the password. Is there any way to provide it from the command line? My code: if(nsIFile != null && nsIFile.exists()) { var certDB = Cc["@mozilla.org/security/x509certdb;1"] .getService(Ci.nsIX509CertDB); certDB.importPKCS12File(null,