X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).
X.509 is an ITU-T standard for privilege management infrastructure (PMI) and a public key infrastructure (PKI).
Questions tagged [x509]
107 questions
0
votes
1 answer
How can I add alternate subject names when creating a CSR using xca?
openSUSE and SLES dropped their old CA management, now recommending to use xca.
While it was easy to add alternate subject names like hostname aliases or IP addresses in the old CA management, I could not find a way how to do it in xca.
So I wonder:…
U. Windl
- 366
- 3
- 17
0
votes
0 answers
Trouble Adding Public-Key Certificate to CAcerts
I am trying to add some public-key certificates to my CAcerts file. In the past I have done it by modifying the keystore directly as such:
keytool -keystore /etc/pki/java/cacerts -importcert -alias mail.mysite.com -noprompt -file myCert.pem
I have…
shepster
- 161
- 1
- 2
0
votes
1 answer
ADFS Client Certificate Authentication
I have ADFS on my environment and it's currently authenticating via active directory perfectly fine. I'm trying to enable certificate authentication so they can authenticate with their smart cards. Currently, the smart cards are imported into their…
Mlsracer
- 1
- 1
0
votes
1 answer
What are Groups in Kubernetes certificate signing requests?
In a Certificate signing request API object for a user, you have to specify a group.
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: myname
spec:
groups:
- system:authenticated
request:…
Tanchwa
- 1
- 1
0
votes
2 answers
Cross-sign third party DV cert with our own CA for high trust
I am looking to expand trust within our application by setting up mutual TLS between the customer service and our service. I am trying to wrap my head around this stuff as I am kinda new to this tech so would like to confirm my approach.
I am…
Decrypter
- 111
- 3
0
votes
0 answers
Submitting CSR to Microsoft CA from linux bash best practice
Similar questions:
https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl
The link above presents an answer but it is far too complicated for me.
Below is an example that would work if our CA public and private…
researchbruz
- 1
- 1
0
votes
1 answer
manual certificate authentication for IMAPS
I'm running an IMAPS service and users are authenticated with an X.509 certificate.
It works fine using Thunderbird. But how I can connect to the IMAPS service manually using openssl? I use the same certificate with openssl s_client than in…
Micha
- 101
- 2
0
votes
1 answer
X.509 signed certificate validity
We are trying to generate server certificates for a cluster of Kafka servers to communicate over SSL.
The procedure works, but the resulting validity of the certificates is only 30 days.
We are requesting 365 days, and after "Step 1" (see below), we…
radumanolescu
- 103
- 2
0
votes
1 answer
Open SSL Error on Windows 10 - Converting a signed CSR from PEM to CRT
I am attempting to create an IPSec VPN connection with x.509 cert authentication for users.
What follows is a test to get things going and isn't a secure implementation. I will get a certificate from a trusted source when I get this working, in the…
S4M8
- 3
- 3
0
votes
1 answer
Demand user's x509 certificate from java web application only when required
My web application authenticates the user based on user's x509 certificate.
For now, I've configured tomcat for mutual authentication by setting "clientAuth=want".
However, as this certificate exchange happens during SSL handshake phase, I see…
Bhushan Karmarkar
- 103
- 3
0
votes
1 answer
Installing certificate installed through MMC for a service account
(Disclaimer: I have posted this question on StackOverflow, but from a developer point of view. I tried to rewrite the question to fit ServerFault conditions)
A custom service has to log on a remote server through an HTTPS connection, so with an SSL…
Amessihel
- 113
- 8
0
votes
0 answers
Client certificate works in Firefox but not when used in Internet Explorer (or Edge)
With a certain web site, a certain client certificate works fine with Firefox, but not with IE or Edge (all on Windows 10, as both IE and Edge behave the same, I'll use the term "IE/Edge" from now on).
The error shown in IE/Edge is (as usual) pretty…
David Balažic
- 458
- 1
- 7
- 19
0
votes
1 answer
OpenVPN Access Server - Encounter the Warning X509_V_ERR_CERT_HAS_EXPIRED but the cert is actually not expired yet
I was trying to connect to my company openvpn network via MacOS openvpn application and hitting the warning "The server vpn.my_company.com has an UNTRUSTED SSL certificate. Allow the connection to proceed?"
When clicking the "More details", the…
user87313
- 103
- 1
0
votes
0 answers
Error generating client certificate using openssl
Getting this error with openssl 1.1.1d when using the CA generated as shown:
openssl req -new -x509 -config ca.cnf -newkey rsa:4096 -sha256 -nodes -out ca-certificate.pem -outform PEM
openssl req -new -config client.cnf -newkey rsa:2048 -sha256…
L P
- 101
- 4
0
votes
2 answers
error when trying to add custom extensions to X509 certificates using openSSL
I am trying to add custom extensions to my self-signed certificate.
I tried the following
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -extfile myconfig.cnf -extensions v3_req
Error is
unknown option…
brain storm
- 163
- 2
- 3
- 7