Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [x509]

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

X.509 is an ITU-T standard for privilege management infrastructure (PMI) and a public key infrastructure (PKI).

Related articles

107 questions
1
vote
1 answer

Integrity of Request/X509 Alternative Name/Extension Information

Am I correct in assuming that there's protection against the modification of both the subject and the extension information in a request or X509 certificate? This signature is just another element embedded in the ASN.1 encoding?
Dustin Oprea
  • 560
  • 2
  • 8
  • 19
1
vote
1 answer

Strongswan with X.509 authentication and LDAP authorization

I would like to setup Strongswan/Libreswan with PKI authentication. Now I have searched and found only how to configure specific accepted client certificates like here: …
MemCtrl
  • 118
  • 2
  • 10
1
vote
1 answer

Convert EC2 ssh .pem key to Azure X.509 certificate?

Normally I use a pem file to login into my ec2 instance via ssh -i key.pem Now, in Azure, their requirement during instance creation is UPLOAD AN SSH KEY OR PROVIDE A PASSWORD FOR AUTHENTICATION You can upload an X.509 certificate (in .cer or .pem…
Howard
  • 2,135
  • 13
  • 48
  • 72
1
vote
2 answers

How does OpenSSL determine that a certificate is for a root CA?

I have a Verisign intermediate certificate that was issued by a Verisign root CA. But when I ask OpenSSL to validate the chain without providing the root CA certificate, OpenSSL says the chain is valid. Why? The subject and issuer fields in the…
Rob H
  • 629
  • 1
  • 7
  • 15
1
vote
1 answer

How can I renew the SSL certificate used on our Exchange server?

According to the MSDN article Renew an Exchange Certificate, I'm supposed to use Get-ExchangeCertificate -Thumbprint 'AD19B141228C7CF98B5F78DCED978B7C45E15434' | New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $true This will…
Oliver Salzburg
  • 4,635
  • 17
  • 55
  • 82
1
vote
3 answers

Install X509 certificate into Windows 2008 R2

I'm trying to install a certificate into my windows 2008 but I'm not able to do it right. I have a .crt file and I click to install from contextual menu. It succeed to import but if I browse the certificate store (personal -> local computer) it is…
StackOverflower
  • 257
  • 2
  • 6
  • 12
1
vote
1 answer

Renew SSL client certificates

For a internally used webbased software, which must be available from everywhere, I have created client certificates which are installed in the browsers of authorized consumers. Now, with 2012 being over, all of them are expired and need a…
Michel Feldheim
  • 218
  • 3
  • 7
1
vote
0 answers

Apache SSL x509 authentication timeout

I have setup a location to enable client authentication based on x509 certificates: SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 10 The authentication is done by unlocking the smartcard with a PIN.…
rthill
  • 31
  • 4
1
vote
2 answers

Exchange 2010 can't find SSL certificate that exists

I'm trying to set up TLS for the POP3 server in the Exchange CAS role. I purchased a cert from NameCheap, and the CA path is fully trusted, and installed it within the Certificates MMC snap-in without any trouble. However Exchange 2010 doesn't seem…
Dai
  • 2,290
  • 8
  • 27
  • 43
1
vote
0 answers

Kubernetes: using an intermediate CA which certificate is signed by a self-signed root CA certificate

Does anyone use own certificate chains for Kubernetes clusters? There's an issue with such kind of setup, and I would be grateful for any ideas on how to solve it. Let's assume we have a Root CA which certificate is self-signed. Also we have an…
Volodymyr Melnyk
  • 577
  • 1
  • 5
  • 19
1
vote
0 answers

How to export the details of a digital certificate (.cer file) to a csv file using powershell?

I have a digital certificate that I'm using for a specific task. I need to export the details of the certificate such as the serial number and issuer to a csv file that is already on my computer using PowerShell. Please keep in mind this is a…
Darius
  • 11
  • 1
1
vote
1 answer

Why my signed certificate is not accepted by IOS (valid in Firefox)

I tried to generate my own CA with TLS Server Certificates. In Firefox I also do not have problems and the certificate is accepted after import of the root certificate. But after importing the root certificate to IOS and opening the site I get the…
Maik
  • 111
  • 1
1
vote
0 answers

x509 + asn1: are subjectAltName elements explicit or implicit?

From https://www.rfc-editor.org/rfc/rfc5280: SubjectAltName ::= GeneralNames GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName GeneralName ::= CHOICE { otherName [0] AnotherName, rfc822Name [1] …
pinhead
  • 143
  • 4
1
vote
1 answer

How can I make a CA certificate with `certtool`?

I can make a self-signed CA certificate with the openssl command by putting the line basicConstraints = critical,CA:true in the appropriate section of a configuration file and using it: openssl req -new -x509 -config myconfig.cnf ... But I'm having…
Ken Jackson
  • 113
  • 4
1
vote
1 answer

How to properly generate an x509 certificate with restricted usage

I'm putting certificates into a repository that will not allow a successive certificate with more limited usage than the previous one. I need an initial dummy cert/key/chain to bootstrap the process whose usages are not more open than Let's Encrypt…
user1169420
  • 125
  • 4
1 2 3 4
5
6 7 8