Stack Overflow
Stack Overflow

Questions tagged [pkix]

PKIX is the Internet's PKI as specified by the Internet Engineering Task Force (IETF). PKIX details X509 certificate formats, issuing rules and validation rules.

PKIX is the Internet's PKI as specified by the Internet Engineering Task Force (IETF). PKIX details X509 certificate formats, issuing rules and validation rules in various Request for Comments (RFC).

Not all PKI's are PKIX. Organizations and government agencies can run a private PKI with rules that are different from PKIX. The documentation and rules for the US government's PKI is over 2000 pages.

User agents such as browsers use a different set of issuing policies than those specified in the RFCs. The browser issuing polices are provided by the CA/Browser Forum (CA/B Forum), and explains why browsers reject certificates that OpenSSL, Wget and other free software accept.

137 questions
0
votes
2 answers

Retrieve the expiry time of certificates in PEM format

I have a requirement to inform customers that their certificate is going to expire in some days so renew before that time work TLS encryption to work as expected. How do I retrieve the expiry time of certificates in PEM format?
user3387347
  • 59
  • 1
  • 6
0
votes
1 answer

Commands to renew a Java Keystore with a Symantec renewal using a new CSR (not the original CSR)

Two years ago, I got a VeriSign/Symantec SSL certificate. When initiating this request, we created a CSR on a random server that is not associated with the common name of the certificate. To create a Java Keystore, I did the following two…
JustBeingHelpful
  • 18,332
  • 38
  • 160
  • 245
0
votes
1 answer

www.googleadservices.com uses an invalid security certificate

www.googleadservices.com uses an invalid security certificate. www.googleadservices.com shows following issue: The certificate was signed using a signature algorithm that is disabled because it is not secure. HTTP Strict Transport Security: false…
Prabhu Nandan Kumar
  • 1,205
  • 12
  • 22
0
votes
0 answers

Browser accept self-signed certificate

I have created a self signed certificate like this #!/bin/bash EXPIRE=3650 if [ $# -gt 1 ]; then EXPIRE=$2 fi mkdir -p $1 cd $1 openssl genrsa 2048 > $1.key openssl req -new -x509 -nodes -sha1 -days $EXPIRE -key $1.key > $1.cert openssl…
Pascal
  • 2,059
  • 3
  • 31
  • 52
0
votes
0 answers

Why does CURL return SSL_ERROR_BAD_CERT_DOMAIN for *.mycomp

I have a certificate for *.mydomain, and trying to reach the host with https://my-host.mydomain . Here's the verbose output (scrambled a bit). curl https://my-host.mydomain --verbose * Rebuilt URL to: https://my-host.mydomain/ * Trying…
LOST
  • 2,956
  • 3
  • 25
  • 40
0
votes
1 answer

SoapUING - Groovy - HTTPBuilder - PKIX Path building Failed Error

I'm fairly new to Groovy & SoapUING. I hope someone can help me figure out and fix this error. Thanks! What I'm trying to do: Iterate through each db row item in a table and use that as input to make a HTTPBuilder request (GET or POST) either as a…
ssc
  • 35
  • 2
  • 9
0
votes
1 answer

Gradle Import Sun Security Exception

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Exception while Importing Gradle project in Eclipse…
Cherry
  • 11
  • 5
0
votes
1 answer

How do you make a null subject for BouncyCastle's X509v3CertificateBuilder?

We are switching from using X509V3CertificateGenerator to the new X509v3CertificateBuilder class. It insists on having an X500Name object for the subject, and throws an NPE if it's null. In our case, we want a null subject and will be using the…
nsayer
  • 16,925
  • 3
  • 33
  • 51
0
votes
2 answers

openssl generating valid certificate

I have generated an ssl certificate using openssl using the documentation given by them. I have followed the step by step perfectly. However, the certificate is showing that it is an invalid certificate and it is showing red line cross over on…
Sukumar MS
  • 748
  • 1
  • 11
  • 42
0
votes
1 answer

SSLHandshakeException - PKIX path building failed

I am trying to connect to server by following code TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } …
pro_newbie
  • 336
  • 2
  • 6
  • 19
0
votes
1 answer

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target?

I created a local keystore with keytool using java and done ssl configuration in Apache Tomcat. I have been installed certificate in my local machine, even added to the jre cacerts as a trustedentry. opening through browser via https is working…
Sagar Pudi
  • 4,634
  • 3
  • 32
  • 51
0
votes
1 answer

Java: HttpsUrlConnection - PKIX path building failed

I am trying to download the contents of an https url in Java, but when do I get this error. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I have…
David Williams
  • 8,388
  • 23
  • 83
  • 171
0
votes
1 answer

how to import public certificate for tomcat

org.apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: basic constraints check failed:…
Shantanu
  • 201
  • 2
  • 6
  • 15
-1
votes
1 answer

Resolve/Avoid Exception in thread "main" javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath and 1 more

I'm trying to create a java app that will login to al local website. The problem is the "Exception in thread "main" javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to…
bajram sherifi
  • 47
  • 8
-1
votes
1 answer

Something doesn't make sense to me with regards to public keys

The server is sending data to the client and the client is using the public key to de-crypt the data. Simple enough. However, if someone with the public key is spoofing the line or gets his hands on the encrypted message packets, cant he/she steal…
user3363744
  • 167
  • 1
  • 9
1 2 3
9
10