Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [x509]

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

X.509 is an ITU-T standard for privilege management infrastructure (PMI) and a public key infrastructure (PKI).

Related articles

107 questions
1
vote
2 answers

Create DER certificate+key from PEM

I'm not sure if it's even possible. Also, OpenSSL is one ugly motherlover of an utility :/ I need top upload certificate+private key as DER to ESET Security Management Center (ESMC), at least according to their technical support. I use XCA for this…
StanTastic
  • 860
  • 1
  • 8
  • 25
1
vote
2 answers

FreeIPA refuses to sign a VMWare certificate signing request (CSR)

I'm attempting to make VMWare's certificate authority (VMCA) v6.7 a trusted sub-CA of a FreeIPA certificate authority. I should be able to generate a certificate signing request within VMCA using either an interactive tool (certificate-manager) or…
ndemarco
  • 213
  • 1
  • 2
  • 13
0
votes
0 answers

Digital signing certificate for SOAP

I'm calling a third-party Web Service with SOAP requests. This service requires me to to sign my SOAP requests digitally. Regarding to How to buy a X.509 certificate for signing digital payloads question, I bought an Email Signing Certificate from…
Mikael H.
  • 1
  • 1
0
votes
1 answer

Edit x509v3 extended key usage in existing certificate-file

Is it possible to manually edit the key usage of a X509v3 certificate ? $ openssl x509 -in crt.crt -text ... X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Client…
user1511417
  • 131
  • 3
  • 6
0
votes
1 answer

Difference between openssl's verify and s_client

openssl verify gives me a 20 error code whereas s_client gives me a 1 return code and correctly gets the root certificate. Can anyone point me out to how to verify a downloaded certificate ? ychaouche@ychaouche-PC 10:30:22 ~/TMP/CERTS $ openssl…
ychaouche
  • 262
  • 4
  • 15
0
votes
1 answer

Preserve X509 client cert data from apache2 reverse proxy to jetty

I am not able to receive on jetty-9.3.14 the X509 client cert data which are submitted to apache2 and forwarded via ProxyPass directive. SSLVerifyClient require SSLVerifyDepth 5 SSLOptions -StdEnvVars +ExportCertData #…
473183469
  • 1,360
  • 1
  • 12
  • 23
0
votes
1 answer

How should a wildcard certificate be used?

I have a wildcard certificate (pfx file) and I have doubts on how to use that. Should I install that on all of my application servers or alternatively create a new certificate and sign it with the wildcard cert? I've read there are restrictions…
Silva
  • 3
  • 1
0
votes
3 answers

Detect unencrypted SSL keys

I have an OpenVPN server installed on a Debian machine. Is there a way to find which of the keys have been created without being encrypted with a password, so as to replace them?
user200913
  • 71
  • 1
  • 1
  • 9
0
votes
1 answer

Renewing a self-signed certificate

Is there a way to reset the expiry of a self signed X.509 certificate but keep both the public and the private key as they were? Technically this should be nothing more than a different date for the "Not After" tag and a fresh signature instead of…
aef
  • 1,745
  • 4
  • 25
  • 43
0
votes
1 answer

openssl Subject Public Key Info: RSA Public Key: (1024 bit) vs Public Key: (1024 bit)

I have a couple of certificates whose format seem pretty similar except for one thing I have checked the details of the cert by using the following openssl command openssl x509 -in certname -text In one of the certificates, the Subject Public Key…
user93353
  • 287
  • 1
  • 6
  • 17
0
votes
2 answers

How do I set up the DN for a SSL cert with a hostname of greater than 64 characters?

Everywhere I read says to have the server hostname in the commonName field and the subjectAltName field. The problem is that the hostname that I want to sign has greater than 64 characters. Therefore, the hostname wont fix in that field. I have seen…
chacham15
  • 103
  • 3
0
votes
1 answer

Error while converting der private key to pem

I have DER private key and certificate. I need to convert them to PEM format. Certificate converted normally, but when i try to convert key this error happens: # openssl x509 -in client-key.der -inform DER -out private.pem -outform PEM unable to…
Timur
  • 103
  • 1
  • 3
0
votes
1 answer

SSL certificate for Oracle Application Server 11g

I was asked to get an SSL certificate for an "Oracle Application Server 11g" which has a soon-to-expire certificate. Brushing aside the fact that 10g seems to be the newest version, I got a certificate from InCommon, as I usually do without problem…
Easter Sunshine
  • 256
  • 1
  • 5
  • 11
0
votes
1 answer

How to sign and encrypt all sended mail via sendmail\postfix

I have certificates x.509 for signing and enrypting outgoing emails. I want to create plain emails in some app (Ruby on Rails app in my case) and send it via sendmail with autosign and autocrypt solution. Is it possible?
petRUShka
  • 293
  • 2
  • 5
  • 16
0
votes
1 answer

How can you get x509 to work with Trac?

Hi I have been trying to find a way to get x509 certs for authentication for Trac but I could not find any plugins on TracHacks or tutorials on this. The closest I've seen so far is this post on google…
sasker
  • 101
1 2 3 4 5
6
7 8