Questions tagged [x509]

In cryptography, X.509 is a standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI).

X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

X.509 was initially issued on July 3, 1988 and was begun in association with the X.500 standard. It assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates. This contrasts with web of trust models, like PGP, where anyone (not just special CAs) may sign and thus attest to the validity of others' key certificates. Version 3 of X.509 includes the flexibility to support other topologies like bridges and meshes (RFC 4158).

(From the Wikipedia article on X.509.)

1911 questions
317 votes, 2 answers

How to convert .crt to .pem

How can I convert .crt to .pem?
Ali

305 votes, 6 answers

How are ssl certificates verified?

What is the series of steps needed to securely verify an SSL certificate? My (very limited) understanding is that when you visit an https site, the server sends a certificate to the client (the browser) and the browser gets the certificate's issuer…
rcreswick

228 votes, 7 answers

Extract public/private key from PKCS12 file for later use in SSH-PK-Authentication

I want to extract the public and private key from my PKCS#12 file for later use in SSH-Public-Key-Authentication. Right now, I'm generating keys via ssh-keygen which I put into .ssh/authorized_key, respective somewhere on the client-side. In…
lazydaemon

186 votes, 24 answers

CryptographicException 'Keyset does not exist', but only through WCF

I have some code that makes a call to a third party web service that is secured using X.509 certification. If I call the code directly (using a unit test) it works without any problems. When deployed, this code will be called via a WCF Service. I…
Richard Ev

155 votes, 5 answers

How can I transform between the two styles of public key format, one "BEGIN RSA PUBLIC KEY", the other is "BEGIN PUBLIC KEY"

How can I transform between the two styles of public key format, one format is: -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY----- the other format is: -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY----- for example I generated…
welkinwalker

133 votes, 1 answer

How can I generate a self-signed certificate with SubjectAltName using OpenSSL?

I am trying to generate a self-signed certificate with OpenSSL with SubjectAltName in it. While I am generating the csr for the certificate, my guess is I have to use v3 extensions of OpenSSL x509. I am using: openssl req -new -x509 -v3 -key…
mohanjot

110 votes, 21 answers

How to extract CN from X509Certificate in Java?

I am using a SslServerSocket and client certificates and want to extract the CN from the SubjectDN from the client's X509Certificate. At the moment I call cert.getSubjectX500Principal().getName() but this of course gives me the total formatted DN of…
Martin C.

96 votes, 11 answers

How to read .pem file to get private and public key

I am writing a small piece of code which reads public and private key stored in .pem file. I am using the following commands to generate the keys. Below command to generate pair of key. $openssl genrsa -out mykey.pem 2048 This command to…
Rakesh

92 votes, 4 answers

Programmatically Create X509 Certificate using OpenSSL

I have a C/C++ application and I need to create a X509 pem certificate containing both a public and private key. The certificate can be self signed, or unsigned, doesn't matter. I want to do this inside an app, not from command line. What OpenSSL…
Tim

88 votes, 3 answers

Certificate subject X.509

According to the X.509, a certificate has an attribute subject. C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org This is the typical subject value. The question is what are the…
Sergey

71 votes, 4 answers

How do I get public key hash for SSL pinning?

How would I get the hash of a public certificate's info to be able to perform SSL Pinning in my application? I am using TrustKit in my iOS application and it is asking for me to set the hash that I am expecting. Where can I get this from?
mylogon

65 votes, 4 answers

What does "subject" mean in certificate?

The related link is this MSDN article. I am always confused about the term "subject", for example, sk option "Specifies the subject's key container location", sr option "Specifies the subject's certificate store location". What exactly does…
George2

64 votes, 12 answers

Write x509 certificate into PEM formatted string in java?

Is there some high level way to write an X509Certificate into a PEM formatted string? Currently I'm doing x509cert.encode() to write it into a DER formatted string, then base 64 encoding it and appending the header and footer to create a PEM string,…
pizzathehut

50 votes, 3 answers

Bouncycastle: X509CertificateHolder to X509Certificate?

In versions prior to r146 it was possible to create X509Certificate objects directly. Now that API is deprecated and the new one only delivers an X509CertificateHolder object. I cannot find a way to transform a X509CertificateHolder to…
Steffen Heil

50 votes, 2 answers

Generate and Sign Certificate Request using pure .net Framework

I am trying to use pure .net code to create a certificate request and create a certificate from the certificate request against an existing CA certificate I have available (either in the Windows Certificate store or as a separate file). I know that…
NineBerry