Questions tagged [x509]

In cryptography, X.509 is a standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI).

X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

X.509 was initially issued on July 3, 1988 and was begun in association with the X.500 standard. It assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign and thus attest to the validity of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes (RFC 4158).

(From the Wikipedia article on X.509.)

1911 questions
30 votes, 6 answers

Programmatically verify certificate chain using OpenSSL API

This is very similar to other questions but the ones I've looked at either don't have an answer or don't quite ask the same question. I have a self-signed CA certificate, and two other certificates that are signed with that CA certificate. I'm…
clemej
30 votes, 1 answer

How to read an RSA public key in PEM + PKCS#1 format

I have an RSA public key in PEM format + PKCS#1 (I guess): -----BEGIN RSA PUBLIC…
Mr.Teen
28 votes, 3 answers

How do I do TLS with BouncyCastle?

Does anybody know about examples of TLS with BouncyCastle? I was surprised by the lack of them on the Internet. If there are really none, let's collect them as answers.
Jakub Adamek
28 votes, 1 answer

How to programmatically install a certificate using C#

My school's web pages have self-trusted certificates (you must install them manually). I want to create a program that will install a certificate.cer (from Visual Studio resources) to the local user's Trusted root certificate authority. Do you know…
DroidBellmer
27 votes, 6 answers

Generating RSA keys in PKCS#1 format in Java

When I generate an RSA key pair using the Java API, the public key is encoded in the X.509 format and the private key is encoded in the PKCS#8 format. I'm looking to encode both as PKCS#1. Is this possible? I've spent a considerable amount of…
Anthony
27 votes, 4 answers

Sign JAX-WS SOAP request

I would like to write a JAX-WS web service that signs my SOAP messages using the http://www.w3.org/TR/xmldsig-core/ recommendation. With what I found on the internet I wrote a JAX-WS handler (SOAPHandler) that manages to change a…
AndrewBourgeois
27 votes, 1 answer

How to create a signing certificate and use it in IdentityServer4 in production?

Most (all?) of the sample code on the IdentityServer4 docs site uses AddDeveloperSigningCredential(), but recommends using AddSigningCredential() instead in production. I spent more hours than I care to think about trying to figure out how to do…
Rob
27 votes, 2 answers

Maximum number of SAN (subject alternative names) allowed

Is there any limit for subject alternative names in X.509? Also are there any rules for the SAN?
NPC
26 votes, 3 answers

Git LFS give x509: certificate signed by unknown authority

I have just set up an Ubuntu 18.04 LTS Server with Gitlab following the instructions from https://about.gitlab.com/install/#ubuntu. I have issued an SSL certificate from GoDaddy and confirmed this works with the Gitlab server. I have then updated…
EON CTO
26 votes, 1 answer

Encrypt / Decrypt in C# using Certificate

I'm having trouble finding a good example of encrypting / decrypting strings in C# using a certificate. I was able to find and implement an example of signing and validating a signature, as shown below. Could someone point me to an easy, similar…
Ilya
26 votes, 1 answer

snk vs. code signing certificate

In my organization we use snk files with strong names assemblies. We generate the snk ourselves. In addition we use a code signing signature on the binaries. We get the pfx from Verisign. What is the difference between these two processes? Isn't it…
Yaron Naveh
26 votes, 4 answers

Self signed X509 Certificate with Bouncy Castle in Java

I need to create a self signed X509 Certificate with Bouncy Castle in Java, but every class I try to include is deprecated. How can I solve this? Is there some other class to include? Thanks
paola91
25 votes, 2 answers

C# How can I validate a Root-CA-Cert certificate (x509) chain?

Let's say I have three certificates (in Base64 format) Root | --- CA | --- Cert (client/signing/whatever) How can I validate the certs and certificate path/chain in C#? (All those three certs may not be in my computer cert store) …
Jacob
25 votes, 2 answers

X.509 Certificate validation with Java and Bouncycastle

Through the bouncycastle wiki page I was able to understand how to create a X.509 root certificate and a certification request, but I do not quite understand how to proceed concept- and programming-wise after that. Let's assume party A does a cert…
Rob
25 votes, 6 answers

How do I initialize a TrustManagerFactory with multiple sources of trust?

My application has a personal keystore containing trusted self-signed certificates for use in the local network - say mykeystore.jks. I wish to be able to connect to public sites (say google.com) as well as ones in my local network using self-signed…
varrunr