x.509

Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)

Are asymmetrical cryptographic keys fundamentally inter-convertible between the major key container formats? For example, can I convert an X.509 key file into a PGP or OpenGPG key file? And--assuming the answer is yes--is it "security neutral" to keep one key pair in whatever format and convert into whichever container file format is n...

Custom X509SecurityTokenManager ignored

I have a webservice that that uses message layer security with X.509 certificates in WSE 3.0. The service uses a X509v3 policy to sign various elements in the soapheader. I need to do some custom checks on the certificates so I've tried to implement a custom X509SecurityTokenManager and added a section in web.config. When I call the se...

Why is this X.509 certificate considered invalid?

I have a given certificate installed on my server. That certificate has valid dates, and seems perfectly valid in the Windows certificates MMC snap-in. However, when I try to read the certificate, in order to use it in an HttpRequest, I can't find it. Here is the code used: X509Store store = new X509Store(StoreName.Root, StoreLocat...

x509 certificate parsing libraries for Java

Hi! Any recommended crypto libraries for Java. What I need is the ability to parse X.509 Certificates to extract the information contained in them. Thanks ...

Crypto/x509 certificate parsing libraries for Python (pyOpenSSL vs Python OpenSSL Wrappers vs...)

Hi! Any recommended crypto libraries for Python. I know I've asked something similar in http://stackoverflow.com/questions/143523/, but I should've split the question in two. What I need is the ability to parse X.509 Certificates to extract the information contained in them. Looking around, I've found two options: Python OpenSSL Wra...

Generate X.509 certificate key pair and signing request (CSR) in C#

How do you generate a X.509 public and private key pair and a signing request (CSR file) to be sent to a CA for signing in C#? ...

How to use client certificates in Apache httpd to connect to an LDAP for authorization?

I have a site that is using x509 client certificates (2 way SSL) to authenticate users and an LDAP directory that contains authorization information. I would like to use one of the certificate attributes to query the directory ( SSL_CLIENT_S_DN_CN to be exact ). I see how to use mod_ssl to use the user's client certificates for authenti...

How can I convert a SSL certificate from PEM to DER and keep the private key?

Backstory: I have a PKCS#12 (p12) certificate with a symmetric cipher (password) that I used OpenSSL to convert to a PEM; opening that as text I see it contains both a BEGIN/END CERTIFICATE section as well as BEGIN/END RSA PRIVATE KEY. The .NET Framework X509Certificate class only supports the "ASN.1 DER" format, so I used OpenSSL to co...

Cannot find the X.509 Certificate using the following search criteria:

I get this message: Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType 'FindBySubjectDistinguishedName', FindValue 'CN=HighBall'. My web.config setup looks like this; Authentication is set like... <authentication mode="Windows" /> The bindings are set fo...

Tool for Viewing X.509 Certificates?

Does anyone know of any good tools to view the store name, store location, or values of an X.509 Certificate? ...

Implementing Message Security in NETCF

As far as I know only a subset of WS-Security version 1.0 is supported in NETCF and it uses X.509 certificates. How can I obtain such a certificate to implement it in my application and prevent others to use my WCF service? ...

How can I configure WCF to use x509 certificates over the internet?

I need to use an x509 certificate to get secure message level authentication from a rich client via the internet to a secure WCF Web Service. Specifically, I am looking for a working step-by-step guide to setup, configuration, coding, and deployment, including creating a 'dev' certificate, installing it, and obtaining a 'real' certifica...

X509 Public Cert and Permissions

I’ve got an issue with loading a particular X509 certificate within an ASP.NET application (i.e. not through IIS for https). I’ve loaded it into my ‘Personal’ and ‘Trusted Root’ stores on my local machine (through the MMC snap in) but can’t load it from either store. It seems the NETWORK SERVICE account doesn’t have permissions to read/...

iPhone TrustStore CA certificates

Hi there! Does any of you have a clue how to alter the contents of Security.framework/TrustStore.sqlite3. It seems as if the iphone uses it to store trusted CA certificates. I really want my iPod touch to trust my custom certificate. Beside that, does anyone of you know an app (win32) to edit sqlite3 database files (except sqliteman, th...

how to use X509 certificates (to sign a file w/ simple verification, + other questions)

I spent several hours yesterday trying to digitally sign a short file using an X509 certificate (one of the "freemail" certificates from thawte). I finally got openssl to sign it as an SMIME message, but I can't successfully verify it, AND it's in the SMIME format -- I don't have access to a "sendmail" program which can actually send out...

WCF username without certificate

I'm working on a project where I need the following WCF service on server side (.net 3.5) WPF client for the client side (.net 3.0) I have an existing application that I have to utilize the authentication and authorization from (on the server side). I also need to store some metadata about the user in the WCF Service's Thread Principa...

Primer for X.509 certificates on Windows

I am presently studying the topic of encrypting and signing SOAP messages via WSE 3.0 or WCF. Since I have not participated in distributed application development involving the public Internet, I find my knowledge on X.509 ceritificates lacking and how it works in the Windows certificate store mechanism. It is not about asymmetric crypto...

What type of X509 Certificate to use for XML Signature?

I'm currently developing some software that uses XML Signing to transfer files securely between two machines. We're using X.509 certificates from our own CA as keys. The CA (Windows 2003 server) offers several types of certificates (Email Cert, Server Cert, ...) Which one of those would I need to generate for XML Signature? To my knowl...

"Cannot load the X.509 certificate identity specified in the configuration"

I transfered a workking WCF service from my development environment to the QA environment, including the certificates (Root Authority, Root Auth revocation list, Service certificate - including its PK). Afterward I located the private key usihg 'FindPrivateKey' and gave all the relavent accounts full permissions to access the private ke...

Getting a SSL connection to work with STUNNEL/Win32

The service I need to connect to has provided me three files and I'm trying to figure out what I need to create the Cert=xxx.PEM file that STUNNEL needs I have a "keystore.jks" file. Dumping that with keytool says it's a "Private key entry" I have a "truststore.jks" file. Dumping that says it's a "trusted certificate entry". The alias ...