certificates

x509 certificate parsing libraries for Java

Hi! Any recommended crypto libraries for Java? What I need is the ability to parse X.509 Certificates to extract the information contained in them. Thanks ...

How can I access a private key with the ASPNET user account?

I'm having some trouble importing and accessing a private key with the ASPNET user. I know that when one imports a private key (.pfx file) manually, in Windows, you get an option to mark the key as exportable. Now, as far as I can tell, this is needed in order to retrieve that private key later on. My problem comes in that I'm importing...

Storing X509 certificates in DB - Yea or Nay?

I find myself needing to store public key certificates, and a single private key certificate for an in-house application. A member of our team suggested storing the X509 certificates in the database, instead of storing it in the Windows certificate store, as we have been doing up until now. I don't like re-inventing the wheel, but I hav...

Self Signed Certificate in Windows without makecert?

We have a shrink wrap type Windows server application where we need to create a self signed certificate on the server to be used by some WCF web services. From our searches on the web, it appears that the makecert utility in the PlatformSDK from Microsoft cannot be distributed with our application, so we're looking for alternatives. ...

How are SSL certificates verified?

What is the series of steps needed to securely verify an SSL certificate? My (very limited) understanding is that when you visit an https site, the server sends a certificate to the client (the browser) and the browser gets the certificate's issuer information from that certificate, then uses that to contact the issuer, and somehow com...

Java webservice (soap) client - use certificates

I am trying to connect to a webservice over ssl with a client certificate. Is there an elegant way of doing this apart from shoving things like "javax.net.ssl.keyStore" into System.properties. Any pointers to code examples would be appreciated. ...

How to use client certificates in Apache httpd to connect to an LDAP for authorization?

I have a site that is using x509 client certificates (2 way SSL) to authenticate users and an LDAP directory that contains authorization information. I would like to use one of the certificate attributes to query the directory ( SSL_CLIENT_S_DN_CN to be exact ). I see how to use mod_ssl to use the user's client certificates for authenti...

What is special about a code signing certificate?

Is it different from any other certificate I can generate via makecert or buy from some authority? ...

Issue with Self Signed Cert in WCF - Must have Private Key....

Hello, I am creating a WCF service hosted within IIS7 on Windows Vista SP1. I am getting the following error: The certificate 'CN=SignedByLocalHost' must have a private key that is capable of key exchange. The process must have access rights for the private key. It looks like I would need to give the host process access to the certif...

How long does it take to get a code-signing certificate from Comodo?

I'm looking at buying a code-signing certificate from Comodo (they seem to be the cheapest). Can someone who has done this tell me how long it takes to issue the certificate once you submit your business documents? ...

Access control to web service

This is what I wish to achieve: My ASP.NET web service is hosted on a server called //service. I want to control access to the web service by server and by application as well. What I mean here is if I have two ASP.NET web applications (app1 and app2) hosted on a server called //web1 and I only want //web1/app1 to be able to call the we...

Primer for X.509 certificates on Windows

I am presently studying the topic of encrypting and signing SOAP messages via WSE 3.0 or WCF. Since I have not participated in distributed application development involving the public Internet, I find my knowledge on X.509 certificates lacking and how it works in the Windows certificate store mechanism. It is not about asymmetric crypto...

Agent-less method to enumerate certificates on a remote machine

So, I'm trying to develop an agent-less environment management tool. The tool would essentially checklist a group of servers for specific settings that you could specify and it will either simply just report back the results, or make modifications (if allowed to). I've been able to figure out how to do much of this remotely, but have ye...

API/Library to replace signtool.exe

The Windows SDK ships with a tool called signtool.exe that lets you sign a file with a certificate. I need to do the same thing but in a background service so I'm on the lookout for a library (preferably managed code, but COM will do) to do the same thing. Any ideas? Found the answer. Here's how to use an X.509 certificate to sign a fil...

WCF certificates not being set on custom credentials.

I have a custom implementation of ClientCredentials in WCF. Two of the base properties of ClientCredentials are the ClientCertificate and ServiceCertificate, as seen here (MSDN). In my configuration, I have my custom ClientCredentials set, and both certificates defined: <endpointBehaviors> <behavior name="MyCustomEndpointBehavior"...

Client Certs on IIS - not sure I get it - experiences please ?

Hi - Looking for some advice about the use of client certs to retro-fit access control to an existing app. Our company has an existing intranet app (classic ASP/IIS) which we licence to others. Up till now it's been hosted within each organisation that used it and the security consisted of "if you're able to access the intranet you're a...

HTTPS Certificate for internal use

I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world). Right now I got it set up with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted. Access is...

CDSA - CSSM_X509_EXTENSIONS from SecCertificateRef

So I'm trying to add support for OS X's CDSA API to a tool that uses client-side certificates for identification and authentication. I've figured out how to get the SecCertificateRef pointers to certificates that the current user has stored in the Keychain using SecIdentitySearchCreate()/SecIdentitySearchCopyNext()/SecIdentityCopyCertif...

How to clear SSL state in browser when user's session expires?

I'm working on an ASP.NET application where our users authenticate using client certificates over HTTPS. Our users are only using IE7. Once a client certificate has been used to authenticate successfully it stays in the browser's SSL cache until the process is closed or the user manually clears the SSL cache. We want to be able to clear...

Installing Root CA Cert via code on Win32

Hey all, We've just set up a new remote access solution using Microsoft's TS Gateway, which requires a couple of somewhat fiddly steps on the end users' behalf in order to get it working (installing our root CA cert, requirement of RDP 6.1 client etc). In order to make this setup process as easy as possible (a lot of these users aren't ...