All Questions
22
questions
1
vote
0
answers
972
views
Using OpenSSH config file with -addext and -subj parameters
I'm trying to create a bash script to manage a PKI. I want to use OpenSSL conf file to specify some parameters for the generated and signed certs using my CA.
I specified default parameters as below:
...
0
votes
1
answer
704
views
Get public key from CSR or CRT
I have certificate request that contains RSA Public-Key. Looks like Modulus part is public key by itself. But according to my understanding it must contain 256 bytes while modulus part contains 257 ...
0
votes
1
answer
3k
views
openssl unable to pass -config and -signkey options in the same command
I am attempting to generate a self-signed certificate with my custom config file for openssl. However, the options -config and -signkey are generating errors as below when used in the same command.
...
1
vote
0
answers
4k
views
Unable to load CA private key when creating the intermediate pair
Following the tutorial at LINK to create the root pair and intermediate pair.
Creating the root pair works fine, but when I try to create the intermediate pair using:
openssl ca -config openssl.cnf -...
0
votes
1
answer
936
views
Is it possible to remove SAN from a certificate?
I've bought a certificate from an online provider.
The CSR only contains a single SN (mysubdomain.example.com).
The certificate issued, contains the SN i provided in my CSR, but for some reason the ...
0
votes
1
answer
2k
views
Convert DER encoded certifcate to PGP file
I have company.cer file which is a DER encoded certificate which I received from someone. I need to convert this file to a PGP file so that I can use
gpg --import <key>
How can I do this?
I ...
0
votes
0
answers
21
views
Renewed RootCA doesn't verify child certs
So i have a self signed rootCA which is expiring soon, so i created a new csr with updated info about the cert and company but im still using the same private key.
I create the new rootCA and install ...
0
votes
0
answers
1k
views
How to execute a exe on linux using wine with many arguments (openssl x590AT)
I need to execute this command in a linux server, i command line using wine:
sudo wine /var/myfolder/openssl.exe x509AT -days 355 -AA /var/myfolder/cert/certificate.crt -AAkey /var/myfolder/cert/...
1
vote
0
answers
725
views
Get ssl server name from ssl handshake - tshark
I am trying to verify a certificate using openssl. I verified the certificate chain itself and I want to check if the subject of the certificate matches the server name from the SSL field.
My code ...
2
votes
1
answer
21k
views
Verify pem certificate chain using openssl
I am trying to write a code which receives a pcap file as an input and returns invalid certificates from it.
I have parsed certificate chains, and I'm trying to verify them.
Because I get the ...
1
vote
0
answers
603
views
"Error certificate signature failure getting chain" when combining certificates in a PKCS12 keystore
I got the above error when I tried to combine a server certificate, a private key and a certificate chain into a PCKS#12 keystore (step 3) prior to convert it to a JKS keystore.
Below are the steps I ...
2
votes
3
answers
8k
views
How can I renew my certificate authority signing key?
I am a noob considering certificate authorities. I followed this article a while ago to setup my own certificate authority and with its help setup my own freelan VPN network:
https://github.com/...
1
vote
2
answers
666
views
apache SSL configuration using trusted certificates
It's my first time I'm dealing with SSL, I'd like to know, if I got this right or not.
I create selfsigned Client-Certificates with a self created CA my-own-CA.crt.
When I buy a Server-Certificate of ...
0
votes
1
answer
8k
views
SSL: Can't convert DER to PEM
I'm working with ssl certificates and trying to convert myCA.cer to myCA.pem...
$ openssl x509 -in myCA.crt -inform der -outform pem -out myCA.cer.pem
unable to load certificate
65927:error:0D0680A8:...
4
votes
2
answers
2k
views
Is it possible to have a certificate signed by 2 authorities?
To explain the situation a bit:
I'm building an iOS application that uses SSL pinning. I've created a self-signed certificate authority that issues SSL certificates to my web server, and the CA's ...