All Questions
38
questions
2
votes
1
answer
124
views
What happens if the startdate of a CA is later that the startdate of a X509 certificate signed by it?
I am in the process of extending the lifetime of a private CA creating a new certificate with the same name, serial number, private/public keys, etc. The only change would be the "startdate" ...
1
vote
1
answer
2k
views
keytool error: java.security.cert.CertificateParsingException: signed fields invalid
I have a X509 certificate pem file I got from Mongo Atlas. I'm trying to import it into the keystore like so:
keytool -importcert -file X509-cert.pem -alias myalias -keystore mykeystore.p12 -storetype ...
-1
votes
1
answer
767
views
How to verify signed file? [closed]
How to check a validity of a file using openssl and cms?
I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate.
is there any way to check validity of ...
0
votes
0
answers
3k
views
Submitting CSR to Microsoft CA from linux bash best practice
Similar questions:
https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl
The link above presents an answer but it is far too complicated for me.
Below is an ...
0
votes
1
answer
196
views
manual certificate authentication for IMAPS
I'm running an IMAPS service and users are authenticated with an X.509 certificate.
It works fine using Thunderbird. But how I can connect to the IMAPS service manually using openssl? I use the same ...
0
votes
1
answer
3k
views
Open SSL Error on Windows 10 - Converting a signed CSR from PEM to CRT
I am attempting to create an IPSec VPN connection with x.509 cert authentication for users.
What follows is a test to get things going and isn't a secure implementation. I will get a certificate from ...
1
vote
1
answer
350
views
Why my signed certificate is not accepted by IOS (valid in Firefox)
I tried to generate my own CA with TLS Server Certificates. In Firefox I also do not have problems and the certificate is accepted after import of the root certificate. But after importing the root ...
1
vote
1
answer
2k
views
How to properly generate an x509 certificate with restricted usage
I'm putting certificates into a repository that will not allow a successive certificate with more limited usage than the previous one. I need an initial dummy cert/key/chain to bootstrap the process ...
0
votes
0
answers
302
views
Error generating client certificate using openssl
Getting this error with openssl 1.1.1d when using the CA generated as shown:
openssl req -new -x509 -config ca.cnf -newkey rsa:4096 -sha256 -nodes -out ca-certificate.pem -outform PEM
openssl req -...
2
votes
2
answers
11k
views
Create DER certificate+key from PEM
I'm not sure if it's even possible. Also, OpenSSL is one ugly motherlover of an utility :/
I need top upload certificate+private key as DER to ESET Security Management Center (ESMC), at least ...
0
votes
2
answers
10k
views
error when trying to add custom extensions to X509 certificates using openSSL
I am trying to add custom extensions to my self-signed certificate.
I tried the following
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -extfile myconfig.cnf -extensions ...
0
votes
0
answers
667
views
Digital signing certificate for SOAP
I'm calling a third-party Web Service with SOAP requests. This service requires me to to sign my SOAP requests digitally. Regarding to How to buy a X.509 certificate for signing digital payloads ...
3
votes
1
answer
18k
views
x509 certificate not valid for any names when added IP address to openssl.cnf
A self-signed certificate works well while the command used to generate it on a ubuntu machine is:
openssl req -x509 -newkey rsa:4096 -keyout private.key -out cert.crt -days 365 -nodes
If the ...
6
votes
1
answer
12k
views
openssl certificate chain lost when converting from pem to der
I have a cetificate chain in .pem format from Letsencrypt, called fullchain.pem
It has 2 certificates in the chain:
keytool -printcert -v -file fullchain.pem |grep "Certificate fingerprints" |wc -l
...
8
votes
2
answers
3k
views
Is it possible to generate openssl configuration file from an existing x509 certificate?
I am looking for a way to restore openssl configuration from an X509 certificate (or a csr).
I know it's possible to look at the certificate and manually reconstruct the config file but it's ...