ca

问题 I'm reading through Support Certificates In Your Applications With The .NET Framework 2.0 trying to determine how to set a CA for a SSL connection. Around half-way down the article under Validating Certificates, MSDN presents some code: static void ValidateCert(X509Certificate2 cert) { X509Chain chain = new X509Chain(); // check entire chain for revocation chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain; // check online and offline revocation lists chain.ChainPolicy

问题 I am building a command line script to create a client certificate using OpenSSL "mini CA" feature. I have a CA certificate and CA private key encrypted with a password . With those things I am trying to create the client certificate and stumbled upon the command line syntax. How do I specify the password for the CA's private key? So far, I have ... openssl x509 -req -in client.csr -signkey client.key -passin pass:clientPK -CA client-ca.crt -CAkey client-ca.key -CAkeypassin pass:client-caPK <

问题 I have a CRL and a self-signed certificate that acts as a CA Certificate. I need to verify that the same CA has issued both the CRL and the root certificate in Java. The way I thought of was this: X500Principal rootCertIssuer = rootCertificate.getIssuerX500Principal(); X500Principal crlIssuer = crl.getIssuerX500Principal(); if(rootCertIssuer.getName().equals(crlIssuer.getName())) System.out.println("Issuer same!"); else System.out.println("Issuer different!"); This does not seem right,

问题 For an application, I need to have a SSL certificate for a WCF service, So we installed it. If I go with an internet browser with a web browser trough https, I've got no problem, no warning, nothing, so I suppose that this certificate is considered as valid for windows. The problem is that when I'm trying to connect to my WCF server, I got this error: The X.509 certificate CN=myHostName, OU=tom, O=myDomainName, L=MyLocation, S=SO, C=CH chain building failed. The certificate that was used has

问题 I am getting some problems after trying to convert my android app to use SSL to transport information between my android app and web server. (SocketTimeOutException) I have bought a Positive SSL certificate from a Certificate Authority (CA) and configured my server to work with it correctly. I have tested it in my web browser and its working correctly. Now I am trying to modify my android app to use https instead of http but as this is the first time I have used https myself, I am a little

问题 Is there a android developer page that lists all of the trusted root CAs? I know I can just pull the file, and list them using keytool - looking for a published web page. 回答1: In Jelly bean you can find the trusted CA list by navigating to Settings -> Security -> Trusted credentials. 回答2: I haven't found an official page. However, here is shown how to get the list of trustes certs from an android device: http://www.andreabaccega.com/blog/2010/09/23/android-root-certification-authorities-list/

问题 I am developing an Android application which requires SSL handshaking to be done only if the server has a particular certificate issued by a CA(For eg: GoDaddy). I referred the documentation on Android developer website but it only says about verifying a self signed certificate or certificate that is not trusted by Android.In my case should I get the client certificate and add it to my keystore.I am using apache HttpClient for my webservice requests. Any help is much appreciated. 回答1: It is

问题 My software connects to Dropbox using an HTTPS connection in order to retrieve some sensitive data. I would like to pin the Certificates Authorities in order to prevent a man-in-the-middle attack. So far I have the following code: static bool VerifyServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { try { var currentCaPublicKey = chain.ChainElements.Cast<X509ChainElement>().Last().Certificate.GetPublicKeyString(); var caPublicKeys

问题 I am developing a Java application that queries a REST API on a remote server over HTTP. For security reasons this communication should be switched to HTTPS. Now that Let's Encrypt started their public beta, I'd like to know if Java currently works (or is confirmed to be working in the future) with their certificates by default. Let's Encrypt got their intermediate cross-signed by IdenTrust, which should be good news. However, I cannot find any of these two in the output of this command:

问题 I am experiencing a problem in ruby, where an SSL cert could not be validated by OpenSSL. I think this is caused by the ca-bundle.pem not being known by the script. Is there a possibility to configure the path of the ca-bundle.pem manually? 回答1: OpenSSL uses the SSL_CERT_FILE environment variable. You can set it in your ruby script using something like before the first require which pulls in OpenSSL: ENV['SSL_CERT_FILE'] = '/path/to/ca-bundle.pem' or, if you prefer, you can set the SSL_CERT