Questions tagged [pkix]

PKIX is the Internet's PKI as specified by the Internet Engineering Task Force (IETF). PKIX details X509 certificate formats, issuing rules and validation rules.

PKIX is the Internet's PKI as specified by the Internet Engineering Task Force (IETF). PKIX details X509 certificate formats, issuing rules and validation rules in various Request for Comments (RFC).

Not all PKI's are PKIX. Organizations and government agencies can run a private PKI with rules that are different from PKIX. The documentation and rules for the US government's PKI is over 2000 pages.

User agents such as browsers use a different set of issuing policies than those specified in the RFCs. The browser issuing polices are provided by the CA/Browser Forum (CA/B Forum), and explains why browsers reject certificates that OpenSSL, Wget and other free software accept.

137 questions

130

votes

12 answers

Invalid self signed SSL cert - "Subject Alternative Name Missing"

Recently, Chrome has stopped working with my self signed SSL certs, and thinks they're insecure. When I look at the cert in the DevTools | Security tab, I can see that it says Subject Alternative Name Missing The certificate for this site does …

asked Apr 27 '17 at 18:17

Brad Parks

66,836
64
257
336

votes

4 answers

Programmatically Create X509 Certificate using OpenSSL

I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter. I want to do this inside an app, not from command line. What OpenSSL…

openssl ssl-certificate x509 pkix

asked Nov 02 '08 at 02:16

Tim

votes

4 answers

How do I get public key hash for SSL pinning?

How would I get the hash of a public certificate's info to be able to perform SSL Pinning in my application? I am using TrustKit in my iOS application and it is asking for me to set the hash that I am expecting. Where can I get this from?

ios ssl x509 pinning pkix

asked Nov 03 '16 at 15:06

mylogon

2,772
2
28
42

votes

6 answers

Error in JavaMail : PKIX path building failed unable to find valid certification path to requested target

I am trying to build an email client app in android and right now i want to configure the javaMail part. i am trying to establish the connection with the imap server but something is wrong with my code.. here is my code: package mailpackage; import…

java email ssl jakarta-mail pkix

asked Nov 21 '13 at 13:19

fnkbz

1,189
1
12
22

votes

6 answers

Programmatically verify certificate chain using OpenSSL API

This is very similar to other questions but the ones I've looked at either don't have an answer or don't quite ask the same question. I have a self-signed CA certificate, and two other certificates that are signed with that CA certificate. I'm…

c openssl x509 certificate-store pkix

asked Apr 30 '13 at 03:43

clemej

2,553
2
19
28

votes

1 answer

When a TrustManagerFactory is not a TrustManagerFactory (Java)

I am trying to add some additional JUnit test to an existing App-Server (TomCat) product. I have run into an issue with the (existing and fielded) custom TrustManager. This thing works fine in production, but during JUnit, gives exception. The…

java security ssl junit pkix

asked Feb 01 '13 at 20:41

David Beveridge

votes

2 answers

Options for Programmatically Adding Certificates to Java KeyStore

I was getting an SSL Handshake Exception error: PKIX "path does not chain" (described here). I fixed it by importing a certificate chain using openssl: openssl s_client -host www.envmgr.com -port 443 -showcerts > cert_chain.crt and installed it into…

java ssl keystore programmatically-created pkix

asked Jun 04 '14 at 17:03

IcedDante

6,145
12
57
100

votes

3 answers

Transform SSL .crt to kubernetes inline format

I have created self-signed user certificates for my kubernetes cluster and now want to distribute respective kubeconfig files to the users. How to I transform the .crt and .key files I used for the process to kubeconfig inline format? Here is a…

base64 kubernetes ssl-certificate pem pkix

asked Jan 19 '18 at 12:33

ChrJantz

votes

2 answers

How to pass trustStore property in gradle build script

I am trying to generate classes for a SOAP webservice through a gradle script. I am using a plugin gradle-jaxws-plugin which is available in maven central. My script looks like below: buildscript { repositories { mavenCentral() …

java ssl gradle pkix

asked Apr 18 '17 at 22:55

yogsma

10,142
31
97
154

votes

2 answers

SQL Server/Spring Boot: PKIX path building failed: unable to find valid certification path to requested target

I install SQL Server on my local computer and embedd it into my Spring Boot application. After starting Tomcat I get the following error: 'PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid…

java sql-server spring-boot ssl pkix

asked Aug 09 '22 at 12:05

taathy

votes

1 answer

golang x509.MarshalPKIXPublicKey vs x509.MarshalPKCS1PublicKey()

Can anyone help me understand the difference between MarshalPKIXPublicKey() and MarshalPKCS1PublicKey()? according to the comment: // MarshalPKIXPublicKey serialises a public key to DER-encoded PKIX format. // MarshalPKCS1PublicKey converts an RSA…

go rsa pkix

asked Apr 17 '18 at 11:09

Feng Xi

1,005
2
11
30

votes

5 answers

PKIX path building failed in Eclipse

i'm working with Liferay and i'm using eclipse, and running a client/server model, using an encrypted socket (SSL). Currently, my application is running the client/server connection ok when I run the application in batch mode but when i try to…

java eclipse ssl liferay pkix

asked Aug 09 '16 at 06:55

El0din

3,208
3
20
31

votes

3 answers

Android studio 4.1 Build Fail

I installed Android Studio 4.1. I get the "build fail" error. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I have tried to change the Gradle…

android-studio classpath pkix android-studio-4.1

asked Oct 23 '20 at 03:20

Trần Hoàng Kim Long

votes

3 answers

Validating a certificate in java throws an exception - unable to find valid certificate path to requested target

I have a web app that requires a client to send it's certificate and the server has to validate the certificate(i.e see if the issuer is a valid issuer and present in the server's truststore). Here is the code : FileInputStream fin=new…

java certificate x509certificate keystore pkix

asked May 02 '12 at 09:54

Ashwin

12,691
31
118
190

votes

1 answer

What should a default environment be for client-side (X509) Certification

I have been building web downloaders over the years (e.g., using Apache HTTPClient and recently JBrowser [1]). These have worked OK till recently when some sites result in certification errors. I do not understand the details, and I cannot find a…

java macos x509certificate pkix

asked Feb 17 '20 at 10:02

peter.murray.rust

37,407
44
153
217

2 3

…

9 10 Next