x509certificate

问题 I have a CRL and a self-signed certificate that acts as a CA Certificate. I need to verify that the same CA has issued both the CRL and the root certificate in Java. The way I thought of was this: X500Principal rootCertIssuer = rootCertificate.getIssuerX500Principal(); X500Principal crlIssuer = crl.getIssuerX500Principal(); if(rootCertIssuer.getName().equals(crlIssuer.getName())) System.out.println("Issuer same!"); else System.out.println("Issuer different!"); This does not seem right,

问题 I'm trying to register an IoT device with Google Cloud IoT Core, and I'm having issues signing the device public key with a CA certificate installed on Google Cloud (device registry). Following are Google's requirements: CA and device certificates must be X.509v3, encoded in base64, wrapped in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. CA certificates do not need to be self-signed ("root CA"); device certificate must be signed by a specific CA certificate at the registry level

问题 I am fairly new in certificates world. I decided to create an application that is obligated to use a certificate to access the API. I created a self-signed CA certificate, SSL Certificate and a client certificate. I imported them into Windows Server and configured IIS properly. I am able to make a request with clientcertificate.pfx file to API from browser (Google Chrome). The pfx certificate is imported to personal user store via MMC. To create pfx file I used .cert and .pvk files. So far so

问题 How to validate SAML assertion signatures? for (Assertion assertion : samlResponse.getAssertions()) { try { if (assertion.getSignature() != null) { Optional<X509Certificate> x509Certificate = assertion.getSignature().getKeyInfo().getX509Datas() .stream() .findFirst() .map(x509Data -> x509Data.getX509Certificates() .stream() .findFirst() .orElse(null) ); if (x509Certificate.isPresent()) { BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(KeyInfoHelper

问题 I have a openssl X509 structure with a self signed certificate. I need to get a PEM formatted C++ string from this structure. What are the openssl APIs that I need to use to achieve this? I tried following the example program at https://www.codeblog.org/gonzui/markup/openssl-0.9.8a/demos/x509/mkcert.c. This program shows a way to write the certificate in PEM format to a file. I can read the contents of this file into a C++ string if there is no other way to do it. 回答1: look at the source of

问题 I have a WCF service hosted on a windows service on my Server1. It also has IIS on this machine. I call the service from a web app and it works fine. But within this service, I have to call another WCF sevice (also hosted on a windows service) located on Server2. The security credentials are set to "Message" and "Username". I have an error like "SOAP protcol negociation failed". It's a problem with my server certificate public key that doesn't seem to be recognise. However, if I call the

问题 I am using bouncy castle librarires to add extensions to my X509V3Certificate certificate.Let's say that I want to add ExtendedKeyUsage extension to my certificate.I am using X509V3CertificateBuilder class and addExtension() method so I do this. X509V3CertificateBuilder cf=...; ExtendedKeyUsage eku = new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage); cf.addExtension(Extension.ExtendedKeyUsage, false , eku); But what I am seeing in some examples all over the web , people are doing next

问题 I am trying to configure a https client in my android application that would perform fine grain checking on the certificate chain received from server. More precisely I would like to check : if the chain contains a given CA certificate (custom CA) the value of the common name and the organization name of the end-of-chain certificate I though this could be done by initializing a TrustManagerFactory with properly constructed CertPathTrustManagerParameters but the 2nd line of this code snippet:

问题 I am trying to setup a website (local testing atm), to connect to azure rest api to see our settings. I created a cert locally (W7 machine): makecert -sky exchange -r -n "CN=azureConnectionNew" -pe -a sha1 -len 2048 -ss My "azureConnectionNew.cer" I can see the cert in the certs MMC snap in. (do not have a right click edit permissions option when I view the cert in here). I have a class library that setups up the connection, the cert is passed in by getting the cert (via the thumb string),

问题 I have the following way of generating a self signed certificate using the class CertandKeyGen. CertandKeyGen cert = new CertandKeyGen("RSA", "SHA256withRSA); cert.generate(size); .. X509Certificate certificate = cert.getSelfCertificate(name, validity); Since these are internal APIs from keytool, I am looking at a similar approach using java.security.* APIs. I want to know if this is possible currently. If yes, what are those APIs? I dug around but I am unable to find anything about it. I am