x509certificate

问题 I use BouncyCastle to generate certificats. Now I want to add some SubjectAlternativeName , just like: ... ArrayList namesList = new ArrayList(); namesList.add(new GeneralName(GeneralName.dNSName, "*.test")); namesList.add(new GeneralName(GeneralName.iPAddress, "127.0.0.1")); namesList.add(new GeneralName(GeneralName.rfc822Name, "zoltar@spkac.spectra.org")); GeneralNames subjectAltNames = new GeneralNames(new DERSequence((GeneralName[])namesList.toArray(new GeneralName [] {}))); new_cert

问题 This question already has an answer here : Closed 8 years ago . Possible Duplicate: Generated signed X.509 client certificate is invalid (no certificate chain to its CA) I followed the example at: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation But the resulting signed client certificate has the following error when opened in windows: "This file is invalid for use as the following: Security Certificate" If I install it anyway and

问题 I am trying to access the private key of an X509 certificate intalled in a certificate store on a remote machine. Whilst I can access the cert store and the certificate on the remote server, I get the error "System.Security.Cryptography.CryptographicException: Keyset does not exist" when I call the PrivateKey property of the X509Certificate2 object. I have been through answers given for this error but none of them seem to work for me. I have verified that the user calling my code has

问题 I create the following files using the commands: makecert -n "CN=TEST_CER" -sv "Test.pvk" -r -sky echange -pe test.cer pvk2pfx -pvk Eltapk.pvk -spc test.cer -pfx test.pfx -pi PVKPASS -po PFXPASS -f Then i use the test.pfx in the following test application : X509Certificate2 cer2 = new X509Certificate2("test.pfx", "PFXPASS"); RSACryptoServiceProvider PrivateKey = cer2.PrivateKey as RSACryptoServiceProvider; RSACryptoServiceProvider PublicKey = cer2.PublicKey.Key as RSACryptoServiceProvider;

问题 I am implementing an auto-update mechanism for my software. The msi on the server is signed using signtool. My app downloads the msi and reads the public key of the downloaded msi. If the public key matches the one that is hard coded in the source code, it will execute the msi and update itself. Would this is be sufficient to ensure that no malicious msi gets executed by mistake? My understanding is that a file will have the same public key ONLY if signed by my certificate. Edit: With petey's

问题 I extracted x509certificate data from a xml file <X509Data> <X509Certificate> MIIB7DCCAVmgAwIBAgIQPjHcBTL63bBLuJZ88RcrCjAJBgUrDgMCHQUAMBExDzANBgNVBAMT BnJvbWVvazAgFw0xMDAzMTUwMjI1MjZaGA8yMTEwMDIxOTAyMjUyNlowETEPMA0GA1UEAxMG cm9tZW9rMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAu/sBh13A27rR7gJpZsI6zCee TXNohQWlq2z6Zg8Oxzsy5JoVV....== </X509Certificate> </X509Data> How can I create Java X509Certificate from this data? I've already tried CertificateFactory cf = CertificateFactory.getInstance(X_509);

问题 I am trying to show the list of certificates from the Client Certificate store in JSP. In .Net there is an option to show the list of certificates with the following code... X509Store xStore = new X509Store(...); xStore.Open(...); // This will open the list of certicates in open dialog box. Is there any similar functionality to get this information in Java? 回答1: You can open a JKS store using the default JDK classes, to open a pkcs12 file or the likes you need a library like bouncycastle. For

问题 From a result of security scan program, I have a need to restrict the Certificate Authorities the app trusts. The scan result points out the line at webView.loadUrl("https://example.com/page"); . I see how I can create a SslSocketFactory that uses my TrustManager, but I don't see an API in WebView that allows me to set that. https://developer.android.com/training/articles/security-ssl.html#UnknownCa What are some possible ways to achieve this? 回答1: I think WebViewClient 's onReceivedSslError

问题 If so, How do you set certificate for authentication, what files do you need? is it .pfx? How would you install that in browser? Been stuck trying to test 2 way ssl through browser. I have a webservice, and trying to connect always returns certification authentication failed. 回答1: Expanding on nickrak's answer. 2-way SSL means that the client trusts the webservice, and that the webservice trusts/authenticates the client. On the webservice side: Add the client's CA cert into the webservice's

问题 I'm trying to scrape a website that first asks for a certificate. After you are authenticated it then will ask you to provide a username and password. Anyway I'm trying to use fiddler to see what i need to replicate and when i turn on it to "Capture traffic" and then I go to internet explorer and try to access the site it says " Internet Explorer cannot display the webpage " then when i turn off fiddler and try it again it brings me to the login page. I've tried this link and i tried