Questions tagged [pki]

Public Key Infrastructure

PKI is a technical and/or organizational way to bind public keys to an identity. The most common type of PKI uses X.509 certificates (and in particular the IETF PKIX profiles).

823 questions
5
votes
1 answer

Are there any published extensions to PKCS#12?

PKCS#12 is a convenient way to lump together a private key with its corresponding X.509 certificate into a standardized single file format. However, the specification was published by RSALabs in 1999 and uses only RC4, RC2 and TripleDES for…
Henrick Hellström
  • 2,556
  • 16
  • 18
5
votes
2 answers

Yubico private key certificate signing no longer works with openssl3

I store my PKI CA certificate and private key on a Yubikey and used it to issue end user certificates but after upgrading to openssl3 from openssl1 this no longer works. The script that I have used to sign certificate requests which works with…
Paul
  • 42
  • 5
  • 19
5
votes
3 answers

PKCS#11 driver prompts for PIN for each key

I am using CardOS API driver from Siemens as PKCS#11 driver to load certificates from a PKI card as follows: char[] pin = "123456".toCharArray(); KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pin); KeyStore keyStore =…
uı6ʎɹnɯ ꞁəıuɐp
  • 3,431
  • 3
  • 40
  • 49
5
votes
1 answer

OpenSSL generate and sign certificate with custom subject fields

I need to create and sign (I am the CA) a certificate with a custom subject (, SERIALNUMBER=...,). So far I have modified the openssl config file so I am able to include custom fields in the subject. [ new_oids ] SERIALNUMBER = 1.2.3.4.1333 The problem is that after…
0xDEAD BEEF
  • 2,074
  • 7
  • 31
  • 46
5
votes
1 answer

What is the use of the responderID in the OCSP response?

I am not clear on the use of the responder ID in the definition of the OCSP response. I am doing OCSP checks via Java's PKIX APIs. Using a third party library I get (during the OCSP response…
Cratylus
  • 52,998
  • 69
  • 209
  • 339
5
votes
1 answer

C# How to send OCSP Request correctly using bouncy castle library?

OCSP request does not fall into the Audit log table when I send it using Bouncy Castle library. I don't understand why? What is wrong with my code and how to solve it? I have a client certificate and issuer certificate. I create two…
Freeedy
  • 101
  • 3
  • 9
5
votes
2 answers

X.509 extensions for verifying JWT

I'd like to create an X.509 public key certificate to verify signatures, esp. JWT tokens. I'd like to know which properties and extension properties to set to which values on the certificate to restrict it for JWT verification. Unfortunately, the…
Waog
  • 7,127
  • 5
  • 25
  • 37
5
votes
4 answers

How to export private key from Windows Certificate Manager?

I'm developing in a Windows environment. My company functions as its own certificate authority for internal-use https applications, and I've been issued a certificate from our system (for an internal-use only web server I've built). Using…
208_man
  • 1,440
  • 3
  • 28
  • 59
5
votes
2 answers

Certificate chain not transported to server

I use this method to register the client certificate into the server certificate. /** * Links the user's certificate into the server's keystore/truststore. * * @param server * The server party. * @return true if the…
Grim
  • 1,938
  • 10
  • 56
  • 123
5
votes
3 answers

How to create a PKI in Java

I want to create certificates to be stored on a database and I don't have any idea about how to do it; if an API or library exists, help me do it. Thanks
user512673
  • 51
  • 1
  • 1
  • 2
5
votes
4 answers

Best (Free) Certificate management tools

I recently downloaded a neat Java tool for managing certificate files - like PEM, PFX, etc. From memory it was written in Java but, for the life of me, I can't find it (cleared download list and non-obvious file name!). This led me to throw open…
Mark Hesketh
5
votes
0 answers

How to reload key from HSM by using openssl?

I'm using HSM via pkcs11 openssl engine. ENGINE_load_private_key() is used to load keys to use. It works fine, except after key pair generation: After generating a new key-pair to HSM, ENGINE_load_private_key() still returns the old…
SKi
  • 8,007
  • 2
  • 26
  • 57
5
votes
3 answers

kubernetes + coreos cluster - replacing certificates

I have a coreos kubernetes cluster, which I started by following this article: kubernetes coreos cluster on AWS TLDR; > kube-aws init > kube-aws render > kube-aws up Everything worked well and I had a kubernetes coreos cluster on AWS. In the…
Yariv Katz
  • 1,353
  • 1
  • 17
  • 24
5
votes
1 answer

Convert a .cer file to .pfx file

My ultimate objective is to sign my exe. For this I would need a certificate. From my company's PKI I got a .cer file and a .p7b (certificate chain) file. Now to sign an exe I need a .pfx file. So I want to convert a .cer file to a .pfx file. For this I…
saurav
  • 5,388
  • 10
  • 56
  • 101
5
votes
2 answers

Java - verifying certificate with system TrustStore

Premise: I have a certificate and I want to verify that the system 'trusts' this certificate (signed by a trusted root CA by Java / Operating System). I have found some varying solutions on how to accomplish this. Option 1: Use SSL classes to derive…
Spartan9209
  • 549
  • 5
  • 10