certificate

问题 When I create an SSLServerSocket in Java 7 the server correctly uses my server certificate and key. The certificate was issued by a sub-ca of a ca. Therefore the complete chain from the root cert to the server cert has four certificates. The complete chain is present in the keystore/truststore. However when a client connects the server always sends only the server certificate itself. This also applies to Java based web servers like Jetty. Because most clients have only the root ca certificate

问题 We are using Oracle 11g (11.2.0.3.0) and we are receiving the following error when executing a UTL_HTTP call: EXCEPTION: ORA-28860: Fatal SSL error EXCEPTION: ORA-06512: at "SYS.UTL_HTTP", line 1128 ORA-06512: at line 23 EXCEPTION: ORA-28860: Fatal SSL error This is the code we are using: DECLARE url_chr VARCHAR2(500); user_id_chr VARCHAR2(100); password_chr VARCHAR2(20); wallet_path_chr VARCHAR2(500); wallet_pass_chr VARCHAR2(20); l_http_request UTL_HTTP.REQ; l_http_response UTL_HTTP.RESP; l

问题 I have a keystore which has multiple keys and certificates added to it I want to used a certificate based on the aliases from the key store and use it for SSL I tried to set the following System properties but nothing helped System.setProperty("javax.net.ssl.keyAlias", "abcd"); System.setProperty("javax.net.ssl.keyStoreAlias", "abcd"); It always uses the first certificate from the keystore instead of matching the key aliases 回答1: If you look at the Customization section of the JSSE Reference

问题 Is there an easy way to get the Subject Alternate Names from an X509Certificate2 object? foreach (X509Extension ext in certificate.Extensions) { if (ext.Oid.Value.Equals(/* SAN OID */"2.5.29.17")) { byte[] raw = ext.RawData; // ?????? parse to get type and name ???????? } } 回答1: Use the Format method of the extension for a printable version. X509Certificate2 cert = /* your code here */; foreach (X509Extension extension in cert.Extensions) { // Create an AsnEncodedData object using the

问题 Is there an easy way to get the Subject Alternate Names from an X509Certificate2 object? foreach (X509Extension ext in certificate.Extensions) { if (ext.Oid.Value.Equals(/* SAN OID */"2.5.29.17")) { byte[] raw = ext.RawData; // ?????? parse to get type and name ???????? } } 回答1: Use the Format method of the extension for a printable version. X509Certificate2 cert = /* your code here */; foreach (X509Extension extension in cert.Extensions) { // Create an AsnEncodedData object using the

问题 I have a Java application that connects to another Java app through a socket with SSL, so my client JVM already has the -Djavax.net.ssl.keyStore and -Djavax.net.ssl.trustStore properties set. This application needs to make some HTTP requests to a web server that requires client authentication. I can open the connection by using a URLConnection in Java which returns an HTTPSURLConnectionImpl . The client certificate I want to present to the web server in the request is different than the one

问题 I'm working on an xcode automated build system. When performing some pre-build validation I would like to check if the specified certificate file has been revoked. I understand that security verify-cert verifies other cert properties but not revokation. How can I check for revokation? I'm writing the build system in Ruby but am really open to ideas in any language. I read this answer (Openssl - How to check if a certificate is revoked or not) but the link towards the bottom (Does OpenSSL

问题 When I start my application with administrative permissions (right click on the EXE | Run as administrator), the UAC dialog with an orange or yellow banner appears with the warning that the publisher is unknown. Instead of purchase a certificate, I would like to do it differently. I think there must be possibilities to accomplish that without a purchased certificate. Basically, I want the look and feel when I start, for example, the calc.exe (Calculator in Windows) with administrative

问题 I'm having some problems with my app. I'm using the 'org.mentalis.security' assembly to create a certificate object from a 'pfx' file, this is the line of code where the exception occurs: Certificate cert = Certificate.CreateFromPfxFile(publicKey, certificatePassword); This has always worked and still does in production, but for some reason it throws an exception when run in Windows 7 (tried it on 2 machines). CertificateException : Unable to import the PFX file! [error code = -2146893792] I

问题 I've been using the following code (taken from KB323809 article) to retrieve information about the code signature on the executable file. This works fine for a single digital signature. But how to retrieve information for multiple code signatures? In that case the Microsoft code below simply retrives info only for the first signature. My thought was to call CryptMsgGetParam with CMSG_SIGNER_COUNT_PARAM to get the number of signatures and then pass each signature index to the subsequent call