Questions tagged [x509]

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

107 questions
61 votes, 9 answers

How to split a PEM file

Note: This is not really a question because I already found the answer, but since I didn't find it easily here I will post it so that it can benefit others. Question: How to read a concatenated PEM file as the one used by apache/mod_ssl directive…
Cerber
37 votes, 3 answers

Import of PEM certificate chain and key to Java Keystore

There are plenty of resources out there about this topic, but none I found which covers this slightly special case. I have 4 files: privatekey.pem, certificate.pem, intermediate_rapidssl.pem, ca_geotrust_global.pem. And I wish to import them into a…
Trollbane
35 votes, 2 answers

Save Remote SSL Certificate via Linux Command Line

Can you think of any Linux command-line method for saving the certificate presented by an HTTPS server? Something along the lines of having curl/wget/openssl make an SSL connection and save the cert rather than the HTTP response content. The GUI…
Jim
34 votes, 1 answer

Trusting an untrustworthy CA - Can I restrict how system trusts it?

(Posted to ServerFault instead of StackOverflow because I feel it concerns OS configuration more than programming code). I'm currently responsible for maintaining a system which connects to a third-party webservice. This webservice requires client…
Dai
29 votes, 5 answers

Is a Self Signed SSL Certificate a False Sense of Security?

Is a Self Signed SSL certificate a false sense of security? If you are being eavesdropped, the user will simply accept the certificate like he/she always does.
Andre
24 votes, 9 answers

Can I be my own trusted CA via a signed intermediate certificate?

Can I get a certificate from a root CA that I can then use to sign my own web server certificates? I would, if possible, use a signed certificate as an intermediate to sign other certs. I know that I would have to configure my systems in a certain…
Clint Miller
13 votes, 1 answer

OCSP responder not present?

Am trying to set up OCSP validation routines, and so want to be comfortable with the environment first. Found excellent tutorials at for example OpenSSL: Manually verify a certificate against an OCSP. Multiple questions arise, so please bear with…
Robert Weaver
9 votes, 3 answers

How to configure IIS Express to ask for client certificate

Does anybody know how to configure IIS Express to require client certificate for access? I'm trying to debug a problematic ASP.NET application which uses client certificates for authentication.
Marko
8 votes, 1 answer

extracting raw ASN.1 parts from X.509 certificate

I'd like to extract raw hex ASN.1 data from an X.509 certificate. I know that I can do this by using DER format and hexdumping it. I'm interested in particular parts like "subject", "issuer" and their raw hex ASN.1 data.
mighq
7 votes, 2 answers

Revoked SSL certificate

We're using the PayPal SDK here: https://github.com/paypal/PayPal-NET-SDK to help handle our webhooks. We've started receiving the exceptions: PayPal.PayPalException: Unable to verify the certificate(s) found at…
Tom Gullen
6 votes, 1 answer

openssl certificate chain lost when converting from pem to der

I have a certificate chain in .pem format from Letsencrypt, called fullchain.pem It has 2 certificates in the chain: keytool -printcert -v -file fullchain.pem |grep "Certificate fingerprints" |wc -l 2 When I convert it to .der using openssl x509 -in…
ArticIceJuice
6 votes, 2 answers

Is it possible to generate openssl configuration file from an existing x509 certificate?

I am looking for a way to restore openssl configuration from an X509 certificate (or a csr). I know it's possible to look at the certificate and manually reconstruct the config file but it's unreliable and requires too much labor :P. Any…
cyc115
6 votes, 2 answers

Limit on X509v3 Subject Alternative Name DNSname length

I have been searching through RFC 5280, 1034, and 1123 trying to figure out what a max string length is, but I can't find it. I'm wondering if any of you happen to know. For those of you who know about X509v3 certificates, you know that you can…
John Ruiz
6 votes, 7 answers

OpenSSL x509 Purpose flag "Any Purpose" What is this?

Looking at the details of a certificate using the following: openssl x509 -noout -text -purpose -in mycert.pem I find a bunch of purpose flags (which I've discovered are set by the various extensions attached to a certificate). One of these purpose…
Nick
6 votes, 1 answer

X509 certificates - Are there any naming conventions?

What are the naming conventions when buying certificates, if any? When buying a cert for TLS/HTTPS for a particular Server, naturally I will default to the server's name. For example, if the server is called MOONSERVER I would set the Subject of the…
joedotnot