Questions tagged [x509]

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

107 questions
5 votes, 1 answer

MongoDB rs.initiate error: replSetInitiate quorum check failed because not all proposed set members responded affirmatively

I have to start my own replica set with internal authentication enabled using X.509 certificates, but I failed. Any advice is welcome. MongoDB 3.2 x64 on Debian 8.2 x64. It is a problem from the MongoDB University course "M310: MongoDB Security". A…
Evgeni Nabokov
5 votes, 1 answer

OPENSSL Save x509 certificate of a website

I can see the certificate with this command:

    openssl s_client -host {HOST} -port 443 -prexit -showcerts

How can I save the x509 cert of the website in a PEM file?
user3653164
5 votes, 2 answers

Can you generate a self signed certificate on Windows Server using CLI tools like certreq and certutil?

I need to quickly generate a self signed certificate on a Windows Server. I'd like to use the standard CLI tools that ship with it. I know I can use openssl.
Marinus
4 votes, 2 answers

Can I restrict an intermediate CA to only sign client certificates?

I want to use SCEP to give out client certificates, probably using ADCS. We already have an internal offline root CA in place (securely in a safe, only used for signing and revoking intermediate certificate authorities), and this root is trusted by…
4 votes, 1 answer

Apache not Forwarding Client x509 Certificate to Tomcat via mod_proxy

I am having difficulties getting a client x509 certificate to be forwarded to Tomcat from Apache using mod_proxy. From observations and reading a few logs it does seem as though the client x509 certificate is being accepted by Apache. But, when…
hooknc
4 votes, 1 answer

x509 extensions: can the "extnValue" be empty?

I'm writing a script that parses x509 certificates. x509 v3 certificates have extensions which are an ASN.1 sequence containing an OID, a critical flag, and an octetString called extnValue. For the basicConstraints extension, the extnValue is…
pinhead
3 votes, 1 answer

How does one change the certificate and key for https

We have a server whose original PKI certificate was issued by a discontinued root CA. We have a replacement certificate issued from a different root authority chain. This site was set up some time ago with Strict-Transport-Security…
James B. Byrne
3 votes, 0 answers

x509 certificate not valid for any names when added IP address to openssl.cnf

A self-signed certificate works well while the command used to generate it on an Ubuntu machine is:

    openssl req -x509 -newkey rsa:4096 -keyout private.key -out cert.crt -days 365 -nodes

If the client side uses an IP address instead of the domain…
3 votes, 0 answers

The revocation function was unable to check revocation for the certificate 0x80092012

Please help me to deal with a self-signed revocation check. I've used makecert.exe to create a root and a client certificate. The problem is that certutil fails to check the certificate with the error: The revocation function was unable to check revocation for the…
oleksa
3 votes, 0 answers

Is there an extension of host to host ipsec to a many-many configuration?

Having a typical host to host transport mode ipsec configuration, conn appserver01-to-swift01 leftid=@appserver01.server.com left=10.133.176.246 leftrsasigkey=xxxxxxxxxxxxxxxxxxxxxxxx rightid=@swift01.server.com …
user22866
3 votes, 2 answers

Openssl Custom Extension

I know how to create x509 certificates with the openssl command line. But now I want to create one with a custom extension. How can I do this with openssl command line?
user93353
3 votes, 2 answers

Any open source web based X509 PKI tool?

Want to set up a CA, but it's hard to find a good web-based X509 PKI tool. Any recommendations?
timy
3 votes, 3 answers

Client-side certificates

My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works. Now I'm required to generate x509 client-side certificates to issue for…
walshms
2 votes, 2 answers

Why would Chrome ignore the X509v3 Subject Alternative Name in my cert?

I have a cert that includes an X509v3 Subject Alternative setting, but Chrome 67.0.3396.99 is saying the Subject Alternative Name is missing even though it looks like it's included in the cert. Here's the X509v3 portion of the cert as per openssl…
pwan
2 votes, 3 answers

Configuring a Unified Communications Certificate for many virtual hosts running in Jetty

I have a single IP with Jetty serving up X sites on port 80. Basically you can sign up for our service, then point your domain www.mycompany.com to that IP, and Jetty will serve up your custom site. I would like to add SSL support for all sites. To…
rcampbell