Questions tagged [x509]

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

X.509 is an ITU-T standard for privilege management infrastructure (PMI) and a public key infrastructure (PKI).

Related articles

106 questions
56
votes
9 answers

How to split a PEM file

Note : This is not really a question because I already found the answer but since I didn't find it easily here I will post it so that it can benefit others. Question : How to read a concatenated PEM file as the one used by apache/mod_ssl directive…
Cerber
  • 1,101
  • 1
  • 10
  • 23
36
votes
3 answers

Import of PEM certificate chain and key to Java Keystore

There are plenty of resources out there about this topic, but none I found which covers this slightly special case. I have 4 files; privatekey.pem certificate.pem intermediate_rapidssl.pem ca_geotrust_global.pem And I wish to import them into a…
Trollbane
  • 463
  • 1
  • 5
  • 4
33
votes
1 answer

Trusting an untrustworthy CA - Can I restrict how system trusts it?

(Posted to ServerFault instead of StackOverflow because I feel it concerns OS configuration more than programming code). I'm currently responsible for maintaining a system which connects to a third-party webservice. This webservice requires client…
Dai
  • 2,251
  • 8
  • 27
  • 42
31
votes
2 answers

Save Remote SSL Certificate via Linux Command Line

Can you think of any linux command-line method for saving the certificate presented by a HTTPS server? Something along the lines of having curl/wget/openssl make a SSL connection and save the cert rather than the HTTP response content. The gui…
Jim
30
votes
5 answers

Is a Self Signed SSL Certificate a False Sense of Security?

Is a Self Signed SSL certificate a false sense of security? If you are being eavesdropped, the user will simply accept the certificate like he/she always does.
Andre
  • 1,333
  • 4
  • 18
  • 31
24
votes
9 answers

Can I be my own trusted CA via an signed intermediate certificate?

Can I get a certificate from a root CA that I can then use to sign my own web server certificates? I would, if possible, use a signed certificate as an intermediate to sign other certs. I know that I would have to configure my systems in a certain…
Clint Miller
  • 1,141
  • 1
  • 11
  • 19
13
votes
1 answer

OCSP responder not present?

Am trying to set up OCSP validation routines, and so want to be comfortable with the environment first. Found excellent tutorials at for example OpenSSL: Manually verify a certificate against an OCSP. Multiple questions arise, so please bear with…
Robert Weaver
  • 231
  • 2
  • 3
9
votes
3 answers

How to configure IIS Express to ask for client certificate

Does anybody know how to configure IIS Express to require client certificate for access? I'm trying to debug a problematic ASP.NET application which uses client certificates for authentication.
Marko
  • 341
  • 1
  • 3
  • 9
8
votes
1 answer

extracting raw ASN.1 parts from X.509 certificate

I'd like to extract raw hex ASN.1 data from X.509 certificate. I know, that I can do this by using DER format and hexdumping it. I'm interested in particular parts like "subject", "issuer" and their raw hex ASN1 data.
mighq
  • 355
  • 3
  • 11
7
votes
2 answers

Revoked SSL certificate

We're using Paypal SDK here: https://github.com/paypal/PayPal-NET-SDK To help handle our webhooks. We've started receiving the exceptions: PayPal.PayPalException: Unable to verify the certificate(s) found at…
Tom Gullen
  • 375
  • 4
  • 7
  • 24
6
votes
2 answers

Limit on X509v3 Subject Alternative Name DNSname length

I have been searching through RFC 5280, 1034, and 1123 trying to figure out what a max string length is, but I can't find it. I'm wondering if any of you happen to know. For those of you who know about X509v3 certificates, you know that you can…
John Ruiz
  • 283
  • 1
  • 3
  • 9
6
votes
7 answers

OpenSSL x509 Purpose flag "Any Purpose" What is this?

Looking at the details of a certificate using the following: openssl x509 -noout -text -purpose -in mycert.pem I find a bunch of purpose flags (which I've discovered are set by the various extensions attached to a certificate). One of these purpose…
Nick
  • 203
  • 1
  • 2
  • 3
5
votes
1 answer

MongoDB rs.initiate error: replSetInitiate quorum check failed because not all proposed set members responded affirmatively

I have to start my own replica set with internal authentication enabled using X.509 certificates, but I failed. Any advice is welcome. MongoDB 3.2 x64 on Debian 8.2 x64. It is a problem from the MongoDB University course "M310: MongoDB Security". A…
Evgeni Nabokov
  • 151
  • 1
  • 2
  • 7
5
votes
1 answer

OPENSSL Save x509 certificate of a website

I can see the certificate with this command openssl s_client -host {HOST} -port 443 -prexit -showcerts How can I save the x509 cert of the website in a PEM - File?
user3653164
  • 153
  • 1
  • 1
  • 3
5
votes
2 answers

Can you generate a self signed certificate on Windows Server using CLI tools like certreq and certutil?

I need to quickly generate a self signed certificate on a Windows Server. I'd like to use the standard CLI tools that ship with it. I know I can use openssl.
Marinus
  • 227
  • 1
  • 3
  • 10
1
2 3 4 5 6 7 8