Questions tagged [x509]

In cryptography, X.509 is a standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI).

X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

X.509 was initially issued on July 3, 1988 and was begun in association with the X.500 standard. It assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign and thus attest to the validity of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes (RFC 4158).

(From the Wikipedia article on X.509.)

1911 questions
0
votes
1 answer

x509Chain.build fails, certutil -verify passes

I have a root certificate and a leaf. The leaf has a CRL URL OID extension which points to a valid online location. Doing this: certutil -verify .\leaf.cer fails with ERROR: Verifying leaf certificate revocation status returned The revocation…
0
votes
1 answer

How to make sure Certificate is safe in WCF

WCF supports to use certificate to authenticate Client. If a malicious user steals client's certificate and creates connection with Server. Can Server know this? If we install certificate to Microsoft Certificate Store, how to make sure it is safe?…
Kerwen
  • 516
  • 5
  • 22
0
votes
1 answer

Build fails when build parameters contain `-gcflags"all=-N -l"` and import net/http In MacOS

When I try debug, go build parameters contains -gcflags "all=-N -l", and I import net/http, then build will be fail. I tried reinstalling golang using brew, not work. and tried using the offical installation after uninstalling, not work. And I'm try…
0
votes
1 answer

How to Decode composite custom extensions in x509 certificate in golang? With current code Error is : asn1: structure error: sequence tag mismatch

I am writing golang code to parse an X509 Certificate with custom extensions: The code is following: func (e *PckCert) ParseValue() error { var ext pkix.Extension var err error for i := 0; i < len(e.PckCertObj.Extensions); i++ { ext =…
Vikas Rai
  • 87
  • 12
0
votes
0 answers

python X509 zeep

I have some problems with the auth X509 using Python. I'm using zeep library and I am facing two different errors. The first one is: OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')] I receive…
ionpoint
  • 861
  • 6
  • 10
0
votes
1 answer

How to install certificate programmatically in IOS

I'm trying to install a certificate programmatically in IOS. I have successfully added the certificate using the following code : let rootCert = SecCertificateCreateWithData(kCFAllocatorDefault,data_array as NSData) var err: OSStatus = noErr let…
Json Paul
  • 1
  • 1
0
votes
1 answer

In C#, how do I create an invalid X509Chain?

The X509ChainStatusFlags enum contains a lot of possible values: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509chainstatusflags?view=netframework-4.8 Are there easy ways to construct a certificate and…
Claus Appel
  • 379
  • 1
  • 4
  • 13
0
votes
2 answers

Cannot extract certificate organization on some urls

I want to be able to look up a website and provide the registered organization for that website. For example get_company("google.com") -> Google LLC. However, some websites that are signed and display their certificates correctly when opened in…
0
votes
1 answer

Parsing X509 Certificate Bundles in nodeJS

I am trying to parse a x509 certificate bundle which is a pem file consisting of multiple certificates in the following format: -----BEGIN CERTIFICATE----- xxxx -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- xxxx -----END…
Coder
  • 79
  • 2
  • 9
0
votes
1 answer

Correctly generating certificates for JWT in Java

I am trying to use the simple example given here: https://github.com/auth0/java-jwt //HMAC Algorithm algorithmHS = Algorithm.HMAC256("secret"); //RSA RSAPublicKey publicKey = //Get the key instance RSAPrivateKey privateKey = //Get the key…
Vojtěch
  • 11,312
  • 31
  • 103
  • 173
0
votes
1 answer

How Verify X.509 Signature?

X.509 certificate has signature value. I want to verify the signature in client certificate with public key of root CA or intermediate CA. I know the information of both of them. But I don't know what messages needed. I want to ask what's the…
NWOWN
  • 399
  • 1
  • 4
  • 17
0
votes
1 answer

How can I add an email address Subject Alternative Name (SAN) in certtool's request template file?

On places like here, they say you can add a subject alternative name to a request.cfg file like so: # A subject alternative name URI #uri = "http://www.example.com" I don't want it to be a URI, though. I want an email address field. I don't see…
AlwaysQuestioning
  • 1,464
  • 4
  • 24
  • 48
0
votes
1 answer

Authenticate to Azure with certificate from Linux

I am trying to log in to Azure from a Powershell Core script with Az module. This requires using a self signed certificate that is uploaded to Azure. I tried creating a certificate using: openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650…
robliv
  • 1,351
  • 3
  • 15
  • 30
0
votes
0 answers

How can I access the trusted certificates in the operating system trust store from the browser/javascript?

I would like to verify a digital signature. I know which CA has created the signature. I need to know whether this CA is trusted in order to check whether the signature is valid or not. All of this has to happen within the browser. How can I ask the…
Patrick
  • 999
  • 1
  • 9
  • 21
0
votes
1 answer

How to configure kubernetes so that I could issue commands against the master machine from my laptop?

I'm trying to setup a cluster of one machine for now. I know that I can get the API server running and listening to some ports. I am looking to issue commands against the master machine from my laptop. KUBECONFIG=/home/slackware/kubeconfig_of_master…
Slackware
  • 960
  • 1
  • 13
  • 29
1 2 3
99
100