x509

Is there a standard way to run a x509 key server?

Does anyone know of a project / product that has standardized how to access/download x509/SSL certificates over HTTP? I have seen RFC 4387 but haven't found anyone who implements it. Basically, I am trying to setup a key server for an internal application. So short of implementing my own, does anyone have any suggestions? ...

Custom extensions in System.Security.Cryptography.X509Certificates

The .NET class System.Security.Cryptography.X509Certificates.X509Extension does not support some X.509 extensions I want to parse (subject alternative name, name constraints). The MSDN page for this class states "Custom extensions can be registered in a CryptoConfig file" (link), but the description of the CryptoConfig class discusses o...

Streaming api for reading/writing certification revocation list in java

Hi, My project has a module which generates crl for revoked x509 certificates. However, the crl generation api provided by bouncy castle is fully 'memory' dependent and I don't think it will scale after some point in time. I also know that crl can be generated as deltas or in partitions. But is there an api which can generate crl witho...

Invoke Windows Certificate Export Wizard .NET

Hi, Does anyone know how to invoke/display the Windows Certificate Export Wizard programmatically within C#.NET whilst providing an X509 Certificate? Many thanks ...

Check signature for x509 certificate

I have: x509 certificate (Base64); String data; Signature of string data (Base64). Is it possible to check signature? My code: bool valid = false; var signature = Convert.FromBase64String(base64Signature); var data = Encoding.UTF8.GetBytes(stringData); var x509 = new X509Certificate2(Convert.FromBase64String(certificate))...

validating X.509 certificate on linux

I have just started working with X.509 certificates. Can anyone tell me how to go about validating a certificate on Linux? The use case is that my app had downloaded a certificate in a previous session and I have to check if it is still valid (i.e., not expired or revoked since it was stored) before starting a new session. I understand ...

Write x509 certificate into PEM formatted string in java?

Is there some high level way to write an X509Certificate into a PEM formatted string? Currently I'm doing x509cert.encode() to write it into a DER formatted string, then base 64 encoding it and appending the header and footer to create a PEM string, but it seems bad. Especially since I have to throw in line breaks too. ...

Getting SSL context for HttpsURLConnection from X509Certificate

Hi, I am pretty new to certificates, but I have to do something like this (in Java): 1) I have requestor's certificate in my hand: X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); 2) I need to request another url with that certificate (is it even possible?), something like:...

Mutual Authentication with x509 Certificates using HttpClient 4.0.1

Does anyone have any friendly tips on how to perform client authentication via an x509 certificate using HTTPClient 4.0.1? Thank you for your time. ...

how to convert object identifiers to hex strings

Is there any [non programming language specific] way to get hex versions of object identifiers? ex: OID 1.2.840.10040.4.1: dsa hex string = 2a 86 48 ce 38 04 01 There doesn't seem to be an easy to access list for them. I'm looking for the OIDs used in X509 certificates ...

want to read issuer String from users public key

Hi, I want to read issuer String from users public key with Bouncy Castle... does anyone have some code or something from which I can get help... ...

Managing NSS cert database programmatically

Hi, I am creating an app where I need to manage X.509 certificates programmatically. Till now I have been launching the certutil tool to create the cert database and add and delete certificates from it. The only task I am doing programmatically is to query the database for a cert using CERT_FindCertbyName. However, I am thinking of remov...

How to recognize x509 flags

Is there any way to tell the difference between data after flags and sub-flags after the flag? In a Yahoo certificate I exported, there is a section with a0 2d a0 2b ..., where it's all flags. On the other hand, the subject key ID is "a0 1e 6e 0c 9b 6e 6a eb d2 ae 5a 4a 18 ff 0e 93 46 1a d6 32". How would I tell the difference between whi...

X509 Certificate for securing http handler - what is 'secure enough'?

We have a C# .NET http handler that we are trying to secure by using X509 certificates that are shared between our structure servers and a customer's work stations. However, there is relatively little documentation on how to handle 509 cert authentication on the code level. The client's cert will be attached to the web request, and the...

Flash to Make WebService call with x509 Certificate

I am looking for an example or tutorial on how to make a Web Service call from within flash to a web-service that has been secured using a X509 Certificate, but I need to be able to do this in a manner that does NOT require the certificate to be installed to the client's machine, but rather loaded programmatically from within flash. I h...

X509: What's the difference between digital signature and non-repudiation

Hello, I have to deal with certificates issued by the Swiss post office on USB tokens. They deliver two certificates on the same token. In their intended usage fields, one has "non repudiation" and the other "digital signature". Now, I can't understand what the practical difference between the two is: I've always seen both in the sam...

Using certutil to check certificate responses

I am having a lot of trouble setting up an X509 certificate scheme in C#.NET. SSL is enabled on the server and the connection is being made over SSL. Certificates are being added to the request's store via request.ClientCertificates.Add(). However, no client certificate is being attached to the handshake request (which I am both confi...

Should X509 certificate have nonRepudiation bit set to check PKCS7 signature?

X509 certificate has a set of keyUsage bits. Two of them are digitalSignature and nonRepudiation (recent editions of X.509 have renamed this bit to contentCommitment). I read X509 RFC (http://tools.ietf.org/html/rfc5280) and it talks about general usage of these bits. And I read PKCS7 RFC (http://tools.ietf.org/html/rfc2315) and it talks abou...

Catching IIS-level certificate errors in C# code

I'm making a SOAP handler that will be secured with X509 Certificates, and one of the requirements is that the program log as much as possible in an existing log viewer. Obviously, there are a lot of errors surrounding certificates that are handled at the IIS level, which in this case is not acceptable. I already have the logging part ...

How can I determine a valid OID to use to extend an X.509-compliant digital signature?

I need an OID to use to add a custom extension (already ASN1.encoded) to an X.509v3/PKCS#7 digital signature. I don't care if it's interoperable; this is a private proprietary application (actually, a research project). Right now I actually don't even care if it's an OID that's in use in some proprietary application, although obviousl...