Does anyone know of a project / product that has standardized how to access/download x509/SSL certificates over HTTP? I have seen RFC 4387 but haven't found anyone who implements it. Basically, I am trying to setup a key server for an internal application. So short of implementing my own, does anyone have any suggestions? ...
The .NET class System.Security.Cryptography.X509Certificates.X509Extension does not support some X.509 extensions I want to parse (subject alternative name, name constraints). The MSDN page for this class states "Custom extensions can be registered in a CryptoConfig file" (link), but the description of the CryptoConfig class discusses o...
Hi, My project has a module which generates crl for revoked x509 certificates. However, the crl generation api provided by bouncy castle is fully 'memory' dependent and I don't think it will scale after some point in time. I also know that crl can be generated as deltas or in partitions. But is there an api which can generate crl witho...
Hi, Does anyone know how to invoke/display the Windows Certificate Export Wizard Programmically within C#.NET whilst providing an X509 Certificate? Many thanks ...
I have: x509 certificate (Base64); String data; Signature of string data (Base64). Is it possible to check signature? My code: bool valid = false; var signature = Convert.FromBase64String(base64Signature); var data = Encoding.UTF8.GetBytes(stringData); var x509 = new X509Certificate2(Convert.FromBase64String(certificate))...
I have just started working with X.509 certificates. Can any one tell me how to go about validating a certificate on linux? The use case is that my app had downloaded a certificate in a previous session and I have to check if it is still valid (i.e., not expired or revoked since it was stored) before starting a new session. I understand ...
Is there some high level way to write an X509Certificate into a PEM formatted string? Currently I'm doing x509cert.encode() to write it into a DER formatted string, then base 64 encoding it and appending the header and footer to create a PEM string, but it seems bad. Especially since I have to throw in line breaks too. ...
hi, I am pretty new to certificates, but I have to do something like this (in Java): 1) I have requestor's certificate in my hand: X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); 2) I need to request another url with that certificate (is it even possible?), something like:...
Does anyone have any friendly tips on how to perform client authentication via an x509 certificate using HTTPClient 4.0.1? Thank you for your time. ...
Is there any [non programming language specific] way to get hex versions of object identifiers? ex: OID 1.2.840.10040.4.1: dsa hex string = 2a 86 48 ce 38 04 01 there doesnt seem to be an easy to access list for them. im looking for the OIDs used in X509 certificates ...
Hi, I want to read issuer String from users public key with bouncy castle... is there any one have some code or something from which i can get help... ...
Hi, I am creating an app where I need to manage X.509 certificates programmatically. Till now I have been launching the certutil tool to create the cert database and add and delete certificates from it. The only task I am doing programmatically is to query the databse for a cert using CERT_FindCertbyName. However, I am thinking of remov...
Is there any way to tell the difference between data after flags and sub-flags after the flag? in a yahoo certificate i exported, there is a section with a0 2d a0 2b ..., where its all flags. on the other hand, the subject key ID is "a0 1e 6e 0c 9b 6e 6a eb d2 ae 5a 4a 18 ff 0e 93 46 1a d6 32". how would i tell the difference between whi...
We have a C# .NET http handler that we are trying to secure by using X509 certificates that are shared between our structure servers and a customer's work stations. However, there is relatively little documentation on how to handle 509 cert authentication on the code level. The client's cert will be attached to the web request, and the...
I am looking for an example or tutorial on how to make a Web Service call from within flash to a web-service that has been secured using a X509 Certificate, but I need to be able to do this in a manner that does NOT require the certificate to be installed to the client's machine, but rather loaded programmatically from within flash. I h...
Hello, I have to deal with certificates issued by the Swiss post office on USB tokens. There deliver two certificates on the same token. In their intended usage fields, one has "non repudiation" and the other "digital signature". Now, I can't understand what the practical difference between the two are: I've always seen both in the sam...
I am having a lot of trouble setting up an X509 certificate scheme in C#.NET. SSL is enabled on the server and the connection is being made over SSL. Certificates are being added to the request's store via request.ClientCertificates.Add(). However, no client certificate is being attached to the handshake request (which I am both confi...
X509 certificate has set of keyUsage bits. Two of them are digitalSignature nonRepudiation (recent editions of X.509 have renamed this bit to contentCommitment). I read X509 RFC (http://tools.ietf.org/html/rfc5280) and it talks about general usage of these bit. And I read PKCS7 RFC (http://tools.ietf.org/html/rfc2315) and it talks abou...
I'm making a SOAP handler that will be secured with X509 Certificates, and one of the requirements is that the program log as much as possible in an existing log viewer. Obviously, there are a lot of errors surrounding certificates that are handled at the IIS level, which in this case is not acceptable. I already have the logging part ...
I need an OID to use to add a custom extension (already ASN1.encoded) to an X.509v3/PKCS#7 digital signature. I don't care if it's interoperable; this is a private proprietary application (actually, a research project). Right now I actually don't even care if it's an OID that's in use in some proprietary application, although obviousl...