Questions tagged [pki]

Public Key Infrastructure

PKI is a technical and/or organizational way to bind public keys to an identity. The most common type of PKI uses X.509 certificates (in particular, the IETF PKIX profiles).

823 questions
5
votes
1 answer

Access denied on Certutil -backupKey

I got access denied when trying to do a certutil -backupKey. I already have Domain Admin and access to the CA cert (Read, Issue/Manage Certificates, Manage CA, Request Certificates). What am I missing? I need to export the backup with the private…
lulala
  • 637
  • 4
  • 12
  • 21
5
votes
1 answer

How do I perform the hardest possible SSL certificate check with .NET code?

We happen to run a REST API service that exposes an https:// endpoint. Recently we changed our SSL certificate and several users, mostly libcurl and Java users, complained that they no longer can validate the certificate and their programs refuse to…
sharptooth
  • 167,383
  • 100
  • 513
  • 979
5
votes
4 answers

How to generate an SSL client certificate from a disconnected network?

I have a unique situation where I need to implement client certificate authentication over HTTPS between IE browser and IIS 6. The browser and IIS are separated by a firewall that only allows the browser to connect to IIS on the SSL port. We have…
spoulson
  • 21,335
  • 15
  • 77
  • 102
5
votes
2 answers

Renewing a Certificate using PowerShell

I am trying to renew a certificate (on my local machine) that is going to expire shortly. I know how to do this manually but I can't find a way to do this using PowerShell. I've looked up PKIPS and QAD but they don't seem to have any cmdlets with regard…
Sridhar
  • 837
  • 1
  • 10
  • 21
5
votes
1 answer

InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I am getting this weird error from my Java code: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty The command I used to generate the keystore: keytool -genkey -alias tomcat -keystore keystore.jks Here…
bohanl
  • 1,885
  • 4
  • 17
  • 33
5
votes
3 answers

iPhone Simulator custom CA certificate

I'd like to test an application on the iPhone simulator which connects to a service using a certificate which is signed by our own CA. I can do this on the actual device by adding a provisioning profile which has the CA certificate. I had thought…
jr.
  • 4,503
  • 7
  • 44
  • 62
5
votes
1 answer

How to tamper a X509 format certificate?

I used the openssl command line tool to generate a CA signed certificate. Now I need to tamper with it to generate the signature mismatch error. Is there any tool available to tamper with the X509 certificate?
Balamurugan
  • 2,259
  • 8
  • 33
  • 48
5
votes
1 answer

encode() with private key in "AndroidKeyStore" return null

With Android 4.3, this code returns null. KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); keyStore.setKeyEntry(alias, privateKey, null, certificateChain); PrivateKeyEntry…
pprados
  • 1,127
  • 12
  • 21
5
votes
1 answer

How to build a RFC 3161 time stamp using Bouncy Castle

We need to implement our own PDF timestamping mechanism based on X509 certificate (including private key of course) and RFC 3161. I've googled and asked here on SO and proper solution would be to re-implement TSAClient class to do timestamping…
user3232054
  • 65
  • 1
  • 5
5
votes
6 answers

Serial Number of a X.509 Certificate

I am programming a Certification Authority in Java for a uni class, now I don't know what's the best option for the serial number of the Certificate. Simple static counter from 0 to veryBigNumber; some huge BigInt random number. Is there any good…
woolagaroo
  • 1,542
  • 2
  • 22
  • 31
4
votes
2 answers

Created a certificate using SecCertificateCreateWithData on iOS

I want to create a certificate programmatically within an iOS app. The closest API I could find is SecCertificateCreateWithData which requires a DER encoded binary input. Given that I have all the data needed available as runtime objects, How can I…
Jamil
  • 641
  • 1
  • 7
  • 17
4
votes
1 answer

git verify trusted tags

I would like to include git tag -v command into the deployment process to catch unsigned tags or tags signed by a non-trusted GPG key. The command returns with an exit code of 0 if the tag has a valid signature, but does not care whether the signed…
Yarek T
  • 9,715
  • 2
  • 28
  • 38
4
votes
1 answer

C# - OPC-UA server application has not been created PKI certificate in Linux machine

When I run OPC-UA server C# application in Windows machine then OPC-UA server has created a certificate path C:\ProgramData\OPC Foundation\pki\own and generates some certificates inside this path, but when I installed OPC-UA server in Linux machine…
Md Shahnewaz
  • 121
  • 4
4
votes
1 answer

Save a SecKeyRef Asymmetric Key Pair to disk as a Certificate

I have created two SecKeyRef items via SecKeyGeneratePair, but now I would like to turn the public key into a x509 Digital Certificate – and/or both the public and private keys into a PKCS #12 (.p12) certificate – and save it to disk as a file. This…
redbeard
  • 348
  • 4
  • 17
4
votes
1 answer

SecTrustEvaluate returns kSecTrustResultRecoverableTrustFailure on iOS 5

Working to update an application I have to iOS5 after reports of it not working with the beta. The problem is tracked down to the fact that our custom SSL certificate verification is no longer working. In the didReceiveAuthenticationChallenge…
jr.
  • 4,503
  • 7
  • 44
  • 62