x509certificate

How to configure a WCF service to only accept a single client identified by a x509 certificate

I have a WCF client/service app that relies on secure communication between two machines and I want to use x509 certificates installed in the certificate store to identify the server and client to each other. I do this by configuring the binding as <security authenticationMode="MutualCertificate"/>. There is only client machine. The...

Certificate problem with a new machine - credentials supplied to package not recognized

I am installing a windows service on a new machine. The service does various operations over SslStream over TCP, which uses the certificate in problem. The service has been operating fine with the same code and same certificate on other 2 windows 2003 machines. But, this new machine is Windows 2003 with 64 bit processor too. I am runni...

OpenSSL binaries for Windows without Visual C++ 2005/2008 Redistributables

I want to use the Win32 OpenSSL binaries from Shining Light Productions for the sole purpose of generating self-signed certificates. Unfortunately, my PC has a newer version of Visual C++ 2008 Redistributables, instead of the version recommended by Shining Light Productions. Since I didn't see any static builds on the download page, wha...

Clojure and SSL/x.509 certs question

I need to write a simple program for work that does the following: (1) read a config file, (2) connect to a bunch of servers, (3) establish an SSL socket, (4) pull info from the server's x509 cert, expire date and hostname for now, (5) email a report when it's done. Items 3 and 4 are things that I have had bad luck researching/googling and I do not know Java ...

Certificate altered on import to current user store?

ENVIRONMENT: In an active directory environment we are using ActivClient to copy a digital signing certificate from a smart card to the current user store upon smart card insertion. The smart card certificate is equipped only with digital signature, non-repudiation purposes. PROBLEM: After the certificate is copied from the smart car...

Ruby Generate Self-Signed Certificate

I'm trying to generate a self-signed certificate in ruby, but am running into trouble. This is what I currently have right now: require 'openssl' if ARGV.length != 3 then puts "USAGE: #{__FILE__} <type[der|pem]> <private-out> <public-out>" exit end type = ARGV[0].downcase privateKeyFile = ARGV[1] publicKeyFile = ARGV[2] valu...

SSL Certificate without host name in it

I have implemented a web service with server and client authentication using keytool. The problem is that this authentication doesn't work if I don't include the name of the host in it. For example: keytool -genkey -alias myAlias -keyalg RSA -keypass myPassword -storepass myPassword -keystore my.keystore -dname "CN=myhost" But I don't...

Sending Client Certificate in HttpWebRequest

I am trying to pass a client certificate to a server using the code below however I still receive the HTTP Error 403.7 - Forbidden: SSL client certificate is required. What are the possible reasons the HttpWebRequest would not send the client certificate? var clientCertificate = new X509Certificate2( @"C:\Development\TestClient.pfx", "...

Developer certificate vs purchased certificate for WCF

I understand that if I want to use authentication in WCF then I need to install a certificate on my server which WCF will use to encrypt data passing between my server and client. For development purposes I believe I can use the makecert.exe util. to make a development certificate. What is the worst that can happen if I use this certi...

Calling a WCF service from another WCF service

Hi! I have a WCF service hosted on a windows service on my Server1. It also has IIS on this machine. I call the service from a web app and it works fine. But within this service, I have to call another WCF service (also hosted on a windows service) located on Server2. The security credentials are set to "Message" and "Username". I have ...

Check if webbased CertEnroll will succeed

Hi all, for a project we will be doing webbased certificate enrollment, in Vista / Win7 combination with IE this gives some problems if the user does not import the root certificate first and then changes a lot of default IE settings (Enable ActiveX not marked safe for scripting etc....). I was wondering if any of you ever created a tes...

How do I use m2crypto to validate a X509 certificate chain in a non-SSL setting

I'm trying to figure out how to, using m2crypto, validate the chain of trust from a public key version of a X509 certificate back to one of a set of known root CA's when the chain may be arbitrarily long. The SSL.Context module looks promising except that I'm not doing this in the context of a SSL connection and I can't see how the infor...

How to verify the root trust of a certificate

Hi, I am new to java security. I have a certificate which is signed with a self signed root certificate. Say client.pem is the signed certificate and root.pem is the root certificate. The signed certificate is embedded into the client program. When connection is made it to the server program. I need to verify the call is from authe...

Verify a X.509 certificate with Java ME and Bouncy Castle

Hi, Can anybody point me to an example of verifying a X.509 certificate with Bouncy Castle under Java ME? I can see how to easily do this in Java SE code with java.security.cert.Certificate.verify(), but I could not find an equivalent method in the lightweight BC API. Thanks in advance! Cheers Dino ...

Translate Java to Python -- signing strings with PEM certificate files

I'm trying to translate the following Java into its Python equivalent. // certificate is contents of https://fps.sandbox.amazonaws.com/certs/090909/PKICert.pem // signature is a string that I need to verify. CertificateFactory factory = CertificateFactory.getInstance("X.509"); X509Certificate x509Certificate = (X509Certifi...

Securing a Web Service

Hi I have inherited a conventional three tier web app with ASP.net 2.0 for the UI, .Net web services (ASMX) in the middle tier and SQL Server 2005 for the DB. This is currently an intranet application with the only users being company employees. Currently the application uses Active Directory (AD) authentication. At the login screen, t...

PR_USER_X509_CERTIFICATE extra data

Hi, I am trying to import an outlook PST file to my application running on Mac OS X. The PST file consists of contacts created in Outlook. The contacts have X509 certificates added to them. The problem I am facing is ASN decoding of the certificate fails. I have read somewhere that there is extra data before and after the certificate ...

Using M2Crypto to save and load X509 certs in pem files

I would expect that if I have a X509 cert as an object in memory, saved it as a pem file, then loaded it back in, I would end up with the same cert I started with. This seems not to be the case however. Let's call the original cert A, and the cert loaded from the pem file B. A.as_text() is identical to B.as_text(), but A.as_pem() differs...

Linux/OpenSSL:Send find output to openssl

I am trying to send the output from the find command to OpenSSL in order to find out when certificates expire. This finds the files find . -name \*.pem -type f This generates the cert info I want openssl x509 -in certname.pem -noout -enddate Can I merge these two? Thanks for your help. ...

Replace CAPICOM with .NET, validate certificate

Hi My component is responsible for downloading files from the server. As part of file validation I have used CAPICOM (SignedCode object) to validate if a certificate contains a specific string and call to Validate method of the SignedCode object. In case the file contains certificate without a requested string in the name, user was prom...