Skip to main content
Server Fault

All Questions

Ask Question
Tagged with
38 questions
Newest Active Bountied Unanswered
2 votes
1 answer
124 views

What happens if the startdate of a CA is later that the startdate of a X509 certificate signed by it?

I am in the process of extending the lifetime of a private CA creating a new certificate with the same name, serial number, private/public keys, etc. The only change would be the "startdate" ...
jcea's user avatar
jcea
  • 273
1 vote
1 answer
2k views

keytool error: java.security.cert.CertificateParsingException: signed fields invalid

I have a X509 certificate pem file I got from Mongo Atlas. I'm trying to import it into the keystore like so: keytool -importcert -file X509-cert.pem -alias myalias -keystore mykeystore.p12 -storetype ...
ritratt's user avatar
ritratt
  • 139
-1 votes
1 answer
767 views

How to verify signed file? [closed]

How to check a validity of a file using openssl and cms? I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate. is there any way to check validity of ...
Nav Boom's user avatar
Nav Boom
  • 3
0 votes
0 answers
3k views

Submitting CSR to Microsoft CA from linux bash best practice

Similar questions: https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl The link above presents an answer but it is far too complicated for me. Below is an ...
searchbruh's user avatar
searchbruh
  • 1
0 votes
1 answer
196 views

manual certificate authentication for IMAPS

I'm running an IMAPS service and users are authenticated with an X.509 certificate. It works fine using Thunderbird. But how I can connect to the IMAPS service manually using openssl? I use the same ...
Micha's user avatar
Micha
  • 101
0 votes
1 answer
3k views

Open SSL Error on Windows 10 - Converting a signed CSR from PEM to CRT

I am attempting to create an IPSec VPN connection with x.509 cert authentication for users. What follows is a test to get things going and isn't a secure implementation. I will get a certificate from ...
S4M8's user avatar
S4M8
  • 3
1 vote
1 answer
350 views

Why my signed certificate is not accepted by IOS (valid in Firefox)

I tried to generate my own CA with TLS Server Certificates. In Firefox I also do not have problems and the certificate is accepted after import of the root certificate. But after importing the root ...
Maik's user avatar
Maik
  • 121
1 vote
1 answer
2k views

How to properly generate an x509 certificate with restricted usage

I'm putting certificates into a repository that will not allow a successive certificate with more limited usage than the previous one. I need an initial dummy cert/key/chain to bootstrap the process ...
user1169420's user avatar
user1169420
  • 125
0 votes
0 answers
302 views

Error generating client certificate using openssl

Getting this error with openssl 1.1.1d when using the CA generated as shown: openssl req -new -x509 -config ca.cnf -newkey rsa:4096 -sha256 -nodes -out ca-certificate.pem -outform PEM openssl req -...
L P's user avatar
L P
  • 101
2 votes
2 answers
11k views

Create DER certificate+key from PEM

I'm not sure if it's even possible. Also, OpenSSL is one ugly motherlover of an utility :/ I need top upload certificate+private key as DER to ESET Security Management Center (ESMC), at least ...
StanTastic's user avatar
StanTastic
  • 900
0 votes
2 answers
10k views

error when trying to add custom extensions to X509 certificates using openSSL

I am trying to add custom extensions to my self-signed certificate. I tried the following openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -extfile myconfig.cnf -extensions ...
brain storm's user avatar
brain storm
  • 163
0 votes
0 answers
667 views

Digital signing certificate for SOAP

I'm calling a third-party Web Service with SOAP requests. This service requires me to to sign my SOAP requests digitally. Regarding to How to buy a X.509 certificate for signing digital payloads ...
Mikael H.'s user avatar
Mikael H.
  • 1
3 votes
1 answer
18k views

x509 certificate not valid for any names when added IP address to openssl.cnf

A self-signed certificate works well while the command used to generate it on a ubuntu machine is: openssl req -x509 -newkey rsa:4096 -keyout private.key -out cert.crt -days 365 -nodes If the ...
minghua's user avatar
minghua
  • 181
6 votes
1 answer
12k views

openssl certificate chain lost when converting from pem to der

I have a cetificate chain in .pem format from Letsencrypt, called fullchain.pem It has 2 certificates in the chain: keytool -printcert -v -file fullchain.pem |grep "Certificate fingerprints" |wc -l ...
ArticIceJuice's user avatar
ArticIceJuice
  • 83
8 votes
2 answers
3k views

Is it possible to generate openssl configuration file from an existing x509 certificate?

I am looking for a way to restore openssl configuration from an X509 certificate (or a csr). I know it's possible to look at the certificate and manually reconstruct the config file but it's ...
cyc115's user avatar
cyc115
  • 183

15 30 50 per page
1
2 3