Hi, I have public and private keys in separate .pem files that I would need to get into a JKS keystore somehow. Tried using the -import command in KeyTool for this, which gives an "not an X.509 certificate" error. I'm guessing the solution has to do with OpenSSL, but I'm not entirely sure what to do with it. Would really appreciate a...
Hello, guys, I have to write these codes in c. I have already generate the certificate of one terminate t1: t1.pem, which is generated by openssl. The communication between the terminates t1 and t2 has been established via socket in c. Now I want to send this certificate to another terminate t2.and I want t2 to receive the certificate,...
I recently formatted my computer and updated to Windows 7. I backed up my keystore and tried to sign my apk with it but it gave me an error that said my certificate expires in 22yrs. which is just shy of what the market requires to upload the apk. So now I am stuck not being able to update my app... How did this happen? Is there a way ...
I understsand that if I want to use authentication in WCF then I need to install a certificate on my server which WCF will use to encrypt data passing between my server and client. For development purposes I believe I can use the makecert.exe util. to make a development certificate. What is the worst that can happen if I use this certi...
Hi, I have generated using openssl mycert.pem which contents the certificate. And I converted the base64 text into hex. I wonder if it's possible to extract the informations from the hex string in c (without using the openssl library). For example, the public key, the issuer, the subject, the validity information, etc. Thanks. ...
Users are getting sporadic "Server not found" errors after idling in the browser. We have a HTTPS web application (Apache/Tomcat) using NSS for authentication on the server. The error occurs when a user opens the application and later lets it sit idle/untouched for 15 minutes. When they try to access the application they can get a "Ser...
I recently acquired a code signing certificate for my employer, but I am not the InstallShield developer who will sign the binaries before distribution. I know I can export the certificate along with its private key, but where do I store it so the InstallShield developer can install it on his machine? Should I remove it from my machine o...
I need to connect my SOAP to service that requires to use local CA, but i don't seem to be able to find the WSDL, witch also needs the local CA. Can't PHP5's SOAP use local CA for WSDL calls? I'm using Zend Framework. Here is the code that I'm using. $soapClient = new Zend_Soap_Client("https://webservice/wsdl", array( 'local...
Quick Version of Question Gmail, TD (Canadian Bank), Royal Bank (Canadian Bank) all use ssl. When you inspect their certificates they all have Common Name (CN) mail.google.com Or more generally: Common Name (CN) <url> Is this needed to prevent man in the middle attacks? Summary JBoss allows clients and servers to authent...
Hi all, we have enabled "Require Client Certificate" in IIS 6 for a webpage. When we do a request with a revoked certificate we normally get a 403.13 from IIS that blocks the call before the asp.net runtime is called. Sometimes however the IIS passes through the client but asp.net gives an 403.13 error. Does anyone know the difference ...
I have an ASP.NET application that accesses private key in a certificate in the certificates store. On Windows Server 2003 I was able to use winhttpcertcfg.exe to give private key access to the NETWORK SERVICE account. How do I give permissions to access a Private Key in a certificate in the certificate store (Local Computer\Personal) on...
Hi all, Is it possible to create a certificate template that uses SHA-2 (sha256, sha224, sha384, sha512), from a Windows server 2003 CA? I know how to do it in Windows server 2008 based CA, with the new version (version 3) - it is possible to specify the hash algorithm (Under the "Cryptography" tab of the template properties). But is i...
Hello. I'm trying to use httplib's HTTPSConnection for client validation, using a PKCS #12 certificate. I know the certificate is good, as I can connect to the server using it in MSIE and Firefox. Here's my connect function (the certificate includes the private key). I've pared it down to just the basics: def connect(self, cert_file,...
I just created a self-signed certificate on a linux box running tomcat 6. I created the keys like this, valid for 10 years: keytool -genkey -alias tomcatorange -keyalg RSA -validity 3650 and copied the keystore into a folder in tomcat, and updated server.xml to point at the keystore. Now my network admin is asking for the both the p...
Hi all, I have an OpenSSL client-side implementation that establishes a TLS (v1) connection successfully. It works fine, untill I'm trying to use a subordinate CA certificate and not a root CA one. What do I need to add to the code? I use OpenSSL 00.9.8k. Thanks. ...
I'm looking for a way to add a Subject Alternative Name in my certificate request in the IIS 6.0 certificate creation wizard. It seems I can only fill the Subject field and not the Subject Alternative Name. Trying to follow this guide (http://support.microsoft.com/kb/931351) using certreq.exe doesn't help, it fails without any hint exce...
Hi, I'm having some problems with my App. I'm using 'org.mentalis.security' assembly to create a certificate object from a 'pfx' file, this is the line of code where the exception occurs : Certificate cert = Certificate.CreateFromPfxFile(publicKey, certificatePassword); this has always worked and still does in production, but for some...
I'm confused by the dev and dist cert. I got one app in the store, but I named my certs after my first app. Was this a mistake? I'm ready to go on my second app. But XCode is selected the dist cert with the old app name on it. It built without error. Though I named it wrong, will it still work? XCode is automatically picking this cert f...
I need to work with private HTTPS API and client has incorrect certificate on the host. Certificate is for www.clienthost.com and I'm working with api.clienthost.com. So I need to connect via HTTPS to api.clienthost.com ignoring incorrect certificate but still make sure it is the one for www.clienthost.com and not something else. I found...
I know there were a lot of questions/answers about how to ignore SSL error in the code. On our dev region dev.domain.tld we have configured a app server over SSL. The certificate that is displayed is for somedev.domain.tld. There is no way to change the certificate, it will always be a domain mismatch. So when I deploy a web-service ...