certificate

问题 The question is very clear but I did not find any useful tutorial online. So I wish I could have some luck here. Basically, I want to build a client certificate authentication with Apache. I configured the conf file for Apache for the site I am hosting. The conf I put is here: SSLVerifyClient require SSLVerifyDepth 1 SSLCACertificateFile /etc/apache2/ssl/client.crt However I have no idea how to generate the certificate and key file for the client. And also, what file should I put on the

问题 I need to convert a .cer file to a .jks file. I saw a few questions about it, but haven't seen a solution to what I need. I don't need it in order to add it to my local certificates, but as a file to upload to a server. I also need to do it only once, and not programmatically. There's this thread Converting .cer to .jks using java and the author says he had done it successfully, but I couldn't comment to his last reply as I don't have enough reputation, nor could I send him a personal message

问题 When buying a code-signing certificate, what are the merits of starting with a PKCS12 versus JKS certificate? Some vendors give instructions on starting with a JKS or PKCS12 certificate signing request. We'd like to have maximum flexibility in using a purchased cert, especially given the cost. For example, we may be signing more than just Java code (ex: iPhone or Android code signing). What technical considerations should we take into account when choosing either approach? 回答1: If you're

问题 I am using a certificate with my WCF service so have an encoded value in the web.Config <identity> <certificate encodedValue="large string!!!!!!!" /> </identity> The value was generated by Visual studio in development using my test certificate. Now I am deploying I want to get the encoded value for the certificate maintained by the third part who manage the server. I know that using the svcutil.exe tool as follows will give me this. svcutil.exe http://servicename.svc What I want to know is Is

问题 I'm trying to authenticate myself against WebService using my client certificate, but, for some reasons (I explain), I don't want to load certificate from store, rather read it from disc. The following: // gw is teh WebService client X509Certificate cert = new X509Certificate(PathToCertificate); _gw.ClientCertificates.Add(ClientCertificate()); ServicePointManager.ServerCertificateValidationCallback = (a,b,c,d) => true; _gw.DoSomeCall(); returns always 403 - the Service doesn't authorize me.

问题 I need to view who signed the application I have installed onto my device. Is this generally possible to do on the device or on PC? 回答1: (assuming you can obtain access to the raw apk file - which you usually can, if you know or make an educated guess of its name and location, even though you can't list the contents of /data on a non-rooted phone) You could open the apk as a zip file and filter the ascii text from the binary content of META-INF/CERT.RSA Or using an actual tool, jarsigner

问题 I wanted to list the certificates stored in a PKCS12 keystore. The keystore has the extension .pfx 回答1: If the keystore is PKCS12 type ( .pfx ) you have to specify it with -storetype PKCS12 (line breaks added for readability): keytool -list -v -keystore <path to keystore.pfx> \ -storepass <password> \ -storetype PKCS12 回答2: You can also use openssl to accomplish the same thing: $ openssl pkcs12 -nokeys -info \ -in </path/to/file.pfx> \ -passin pass:<pfx's password> MAC Iteration 2048 MAC

问题 I have created a wildcard certificate that works for for xxx.domain.com but not for aaa.bbb.domain.com when creating the certificate: Common Name (e.g. server FQDN or YOUR name) []:*.domain.com but it seems to not be enough. 回答1: Wildcard SSL certificate matches only one level . See Problems with SSL and multi level subdomains wildcard ssl certificate does not cover www version, how do I fix? https://serverfault.com/questions/296390/ssl-domain-problem-for-signed-asterisk-certificates https:/

问题 I have been reading on x.509 certificates and I just don't quite get how the entire process works. so this is how I understand it: the CA is some company which produces certificates. someone who wants to use one, like a bank website, contacts the CA and buys a certificate containing the public key to encode the messages for the website, which can only be decoded by the sites private key. this is where I get confused - how does the user (some web browser), checks that the certificate it

问题 I'm using OpenSSl to encrypt and decrypt files based on CMS/SMIME. Normally I load certificates with rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); but this is only for PEM formatted files I guess. I haven't found any der.h header or something similar. So is there a way in OpenSSL to load DER formatted certificates? I've found the load function for ASN1 format which uses OpenSSL intern. if (format == FORMAT_ASN1) x=d2i_X509_bio(cert,NULL); But can that be used for DER which is binary? 回答1: