x509certificate

问题 How can I create a certificate using makecert with a 'Subject Alternative Name' field ? You can add some fields eg, 'Enhanced Key Usage' with the -eku option and I've tried the -san option but makecert doesn't like it. This is a self-signed certificate so any method that uses IIS to create something to send off to a CA won't be appropriate. 回答1: Makecert doesn't appear to support SANs so I created a certificate with SANs for use with IIS using OpenSSL. Check out my post about it. http:/

问题 This is similar to Import PEM into Java Key Store. But the question's answers use OpenSSL for conversions and tools to import them into key stores on the file system. I'm trying to use a well formed X509 certificate as a trust anchor: static String CA_FILE = "ca-rsa-cert.pem"; public static void main(String[] args) throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(CA_FILE), null); TrustManagerFactory tmf = TrustManagerFactory .getInstance

问题 I have a web-service which I secured using certificates. Now, I want to identify the client by looking at the certificate thumbprint. This means that I have a list of thumbprints on my service somewhere that are linked to some user. Actually, my first question (a little off-topic) is: is this a good approach or should I still introduce some username password construction? Second question is: how can I get the certificate that the client used to connect to the web-service so I can read the

问题 For a secure application I need to select a certificate in a dialog. How can I access certificate store or a part of it (e.g. storeLocation="Local Machine" and storeName="My" ) using C# and get a collection of all certificates from there? Thanks in advance for your help. 回答1: X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); foreach (X509Certificate2 certificate in store.Certificates){ //TODO's } 回答2: Try this: //using System.Security

问题 //cert is an EF Entity and // cert.CertificatePKCS12 is a byte[] with the certificate. var certificate = new X509Certificate(cert.CertificatePKCS12, "SomePassword"); When loading a certificate from our database, on our staging server (Windows 2008 R2/IIS7.5) we get this exception: System.Security.Cryptography.CryptographicException: An internal error occurred. at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) at System.Security.Cryptography

问题 I'm using openssl to create self-signed certs. I'm getting this error with the certs I generated: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present Does anyone know how to specify "Subject alternative name" while creating a cert? This is how I'm generating a keystore: sudo $JAVA_HOME/bin/keytool -genkey -dname "CN=192.168.x.xxx, OU=I, O=I, L=T, ST=On, C=CA" -alias tomcat -validity 3650 -keyalg RSA -keystore /root/.keystore

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . I am trying to generate a self-signed certificate with OpenSSL with SubjectAltName in it.While I am generating the csr for the certificate, my guess is I have to use v3 extensions of OpenSSL x509. I am using : openssl req -new -x509 -v3 -key private.key -out certificate.pem -days 730 Can someone help me with the

问题 I have a PFX certificate with CNG key inside (KSP provider information is specified in the PFX). I can't find a way to import the certificate in .NET in the way that would allow private key export in plain text (MS-CAPI format). var cert = new X509Certificate2(pfxBytes,password,X509KeyStorageFlags.Exportable); then I use this handle to acquire private key context by calling CryptAcquireCertificatePrivateKey function with enabled flag to allow CNG keys. The call succeeds. When I call

问题 I am not able toload client certificate on ssl connection, so that server can authenticate it. What may be the issue ? LoadCertificates() function is working fine for loading server certificate. I am able to get server certificate on client end. But not able to get client certificate on server end. Also I want to vertify that the certificates are signed by correct CA. I have CA certificate on both ends. Can I do that ? //SSL-Client.c #include <stdio.h> #include <errno.h> #include <unistd.h>

问题 I've been struggling to get a WCF client to work through a web proxy. If I manually specify the proxy as below, I can get the http request to work. WebProxy proxy = new WebProxy("http://x.x.x.x:3128", false); proxy.Credentials = new NetworkCredential("user", "pass"); WebRequest.DefaultWebProxy = proxy; However I have the client service proxy set to use ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode