x509certificate

How can I use certificate authentication with HttpsURLConnection?

*爱你&永不变心* 提交于 2019-11-27 05:40:55
问题 I'm trying to connect to an HTTPS URL, but I need to use client authentication with a certificate placed on my system by third party software. I haven't the slightest idea how I'm supposed to either find or use it and all I have to go on is C# sample code, which differs significantly with all the Java answers I've found about this. (for instance, the KeyStore needs some sort of password apparently?) This is the C# sample code I have System.Security.Cryptography.X509Certificates

Java access to intermediate CAs from Windows keystores?

こ雲淡風輕ζ 提交于 2019-11-27 04:42:06
问题 I need to build a certificate chain on Windows, from an X.509 smart card cert through one or more intermediate CAs to a root CA. That's easy when the CA certs are in a JKS keystore, but I need to use the Windows keystores as well. I can get the root CA cert from "Windows-ROOT", but I can't get to the "Intermediate Certification Authorities" keystore. Has anyone done this? Thanks! 回答1: The SunMSCAPI Cryptographic provider does only support two keystores: Windows-MY (personal certificate store)

Inserting Certificate (with privatekey) in Root, LocalMachine certificate store fails in .NET 4

末鹿安然 提交于 2019-11-27 04:38:17
I'm having problems inserting a new CA certificate with privatekey in the Root certificate store of the localmachine. This is what happens: //This doesn't help either. new StorePermission (PermissionState.Unrestricted) { Flags = StorePermissionFlags.AddToStore }.Assert(); var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); privkey.PersistKeyInCsp = true; //This shouldn't be necessary doesn't make a difference what so ever. RSACryptoServiceProvider.UseMachineKeyStore = true; cert.PrivateKey = privkey; store.Open (OpenFlags.MaxAllowed); store.Add (cert); store.Close (); The

Kubernetes: expired certificate

喜欢而已 提交于 2019-11-27 04:32:06
问题 Our Kubernetes 1.6 cluster had certificates generated when the cluster was built on April 13th, 2017. On December 13th, 2017, our cluster was upgraded to version 1.8, and new certificates were generated [apparently, an incomplete set of certificates]. On April 13th, 2018, we started seeing this message within our Kubernetes dashboard for api-server: [authentication.go:64] Unable to authenticate the request due to an error: [x509: certificate has expired or is not yet valid, x509: certificate

X509TrustManager Override without allowing ALL certs?

為{幸葍}努か 提交于 2019-11-27 04:31:51
问题 I am currently overriding X509TrustManager to allow all certs as a temporarily 'solution' (an unsafe one at that). I am trying to figure out how I would go about adding in so it accepts just a specific cert that I'm having issues with until a proper fix can be done (which is out of my hands at the moment). Here is the current code. TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null

How to get server certificate chain then verify it's valid and trusted in Java

那年仲夏 提交于 2019-11-27 03:59:59
I need to create an Https connection with a remote server then retrieve and verify the certificate. I have established the connection fine: try { url = new URL(this.SERVER_URL); HttpURLConnection con = (HttpURLConnection) url.openConnection(); HttpsURLConnection secured = (HttpsURLConnection) con; secured.connect(); } But it seems getServerCertificateChain() method is undefined by the type HttpsURLConnection . So how do I retrieve the server certificate chain? My understanding is that getServerCertificateChain() should return an array of X509Certificate objects and that this class has methods

“An internal error occurred.” when loading pfx file with X509Certificate2

断了今生、忘了曾经 提交于 2019-11-27 03:02:28
I'm trying use self-signed certificate (c#): X509Certificate2 cert = new X509Certificate2( Server.MapPath("~/App_Data/myhost.pfx"), "pass"); on a shared web hosting server and I got an error: System.Security.Cryptography.CryptographicException: An internal error occurred. stack trace ends with System.Security.Cryptography.CryptographicException. ThrowCryptogaphicException(Int32 hr) +33 System.Security.Cryptography.X509Certificates.X509Utils. _LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0 System.Security

Certificate Install Security Warning Workaround?

感情迁移 提交于 2019-11-27 02:46:58
问题 I have some C# 4.0 code that attempts to install a CA (.der encoded) certificate into the "Trusted Root Certification Authorities" store for the current (My) user. My little console app runs silently against other stores, but for this store a GUI popup comes up "You are about to install a certificate from a certification authority... Windows cannot validate that the certificate is actually from..... Do you want to install this certificate?" This messagebox is a problem because the idea is to

Exporting a Certificate as BASE-64 encoded .cer

南笙酒味 提交于 2019-11-27 02:03:12
问题 I am trying to export a cert without the private key as as BASE-64 encoded file, same as exporting it from windows. When exported from windows I am able to open the .cer file in notepad. When I try the following and open on notepad I get binary data...I think it is...not readable. X509Certificate2 cert = new X509Certificate2("c:\\myCert.pfx", "test", X509KeyStorageFlags.Exportable); File.WriteAllBytes("c:\\testcer.cer", cert.Export(X509ContentType.Cert)); I tried removing the

Associate a private key with the X509Certificate2 class in .net

北战南征 提交于 2019-11-27 00:44:55
问题 I'm working on some code that creates a X509certificate and a public/private key pair. The public key is added to the certificate and it is sent to an CA which signs it. The returned certificate is then accessed through the System.Security.Cryptography.X509Certificates.X509Certificate2 class. Now I want to use this certificate to initiate a secure connection with other clients. Therefore I use the SslStream class. To start the SSL Handshake I use this method: server.AssociatedSslStream
订阅 x509certificate