x509certificate

问题 How to Convert X509 * Certificate to STACK_OF(X509_NAME) Need to pass this STACK_OF(X509_NAME) to openssl api ENGINE_load_ssl_client_cert 回答1: I need to pass STACK_OF(X509_NAME) to ENGINE_load_ssl_client_cert ... You have not given us much to work with. Its not clear what your problem is, so its hard to say what you should be doing differently. Start tracing OpenSSL's code in <openssl src dir>/ssl/s3_clnt.c : int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { int i = 0;

问题 I am attempting to validate that a certificate has not been revoked using an X509Chain in C#. X509Chain chain = new X509Chain(); chain.ChainPolicy.RevocationMode = X509RevocationMode.Online; chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly; chain.Build(certificate); This returns a status of: The revocation function was unable to check revocation for the certificate I do want to check for revoked certificates, not just switch off the error. How do I resolve this problem

问题 Getting error when access an application hosted in IIS7 in Windows server 2008 R2. Error: Exception Source: mscorlib:ListFunctions_LoadNamePrefixes() Stack Trace: Server stack trace: at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle&

问题 I have determined, after some research, that in order to generate and sign certificates programmatically in java I need the bouncycastle library. Unfortunately it appears that the library has gone through a major overhaul sometime fairly recently. A great deal of their classes are now deprecated and all of the tutorials and code samples I can find that are simple enough to understand are deprecated along with them. I am reasonably new to cryptography. Armed with only basic knowledge and fuzzy

问题 Is it possible to store an X509Certificate2 in a SQL Server table rather than pull a .p12 file from the file system? I'm sure you can but not sure how to go about this. 回答1: This is definitely possible, the X509Certificate2 has a RawData property that can be saved into your SQL Database. To reconstruct the certificate you can use this constructor var cert = new X509Certificate2(filename); var data = cert.RawData; // save data to database... // Fetch data from database... cert = new

问题 I have root, intermediate and end entity certificates and, I want to package it in pkcs # 7 format using bouncy castle. How can I do it? 回答1: At the very first, you have to read latest RFC on PKCS#7/CMS. Please click on this RFC Link to read. Now to fulfill your objective, use bouncycastle. You need to generate CMSSignedData data. For that, you need to prepare private key and Certificate chain. Here, I am going to assume, you already have those. Now prepare CMSProcessableByteArray.

问题 i am new to spring security. can anybody provide me sample application for x509 certificate authentication with spring 2.0.4 回答1: You can use the basic <http> setup to get X509 authentication: <http> <x509: subject-principal-regex"(.*)" user-service-ref="myUserService"/> <intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/> </http> 来源： https://stackoverflow.com/questions/3913993/x509-authentication-with-spring-security-2-0-4

问题 I would like to validate a certificate chain which will be imported into my app. I do not know how. My coleagues told me, that I have to use Bouncing castle for validation. I saw several examples and still do not have any progress. I have a List<X509Certificate> which contains all certificates which are imported from the UI, and also the PrivateKey . Could you please show me how to validate the certificate chain with Bouncing castle. 回答1: You can use the java.security.cert.CertificateFactory

问题 I would like to use OCSP checking for the certificate which is coming from the server during TLS handshake. I am using Bouncy Castle as provider for OCSP implementation and BC verification methods want X509Certificate as parameter generally. So; how can I follow and get incoming certificate chain at Java side and fetch it? Thanks for your help. 回答1: You can use HttpsURLConnection.getServerCertificates and cast the result to X509Certificate HttpsURLConnection connection = ... Certificate chain

问题 I want to preferably use only what is bundled with java security package. From this answer, I tried: static void parseCert(String filename) throws FileNotFoundException, CertificateException, IOException, InvalidNameException { FileInputStream fis = new FileInputStream(filename); BufferedInputStream bis = new BufferedInputStream(fis); CertificateFactory cf = CertificateFactory.getInstance("X.509"); while (bis.available() > 0) { X509Certificate cert = (X509Certificate) cf.generateCertificate