Questions tagged [x509]
In cryptography, X.509 is a standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI).
50
questions
4
votes
2
answers
269
views
How to get the type of encoding used in a X509 Subject field?
In RFC 5280 is written that for example the X520OrganizationName can use one of the following encodings:
X520OrganizationName ::= CHOICE {
teletexString TeletexString
...
- 183
1
vote
1
answer
82
views
OpenSSL CSR adds prefix in custom attribute value
I am creating an OpenSSL configuration that should assist in generating Certificate Signing Requests for Hyperledger Fabric Identity and TLS certificates (we cannot use Fabric CA in our organisation). ...
- 113
1
vote
1
answer
329
views
Is there any benefit in signing Excel macros using EV certificates?
Some of our software services at work offer downloading Excel files as templates to fill in some data and then reuploading them to our software for import. Since the users in our domain usually are ...
- 61
0
votes
1
answer
3k
views
openssl unable to pass -config and -signkey options in the same command
I am attempting to generate a self-signed certificate with my custom config file for openssl. However, the options -config and -signkey are generating errors as below when used in the same command.
...
- 131
1
vote
1
answer
6k
views
self signed certificate throwing "RSA_padding_check_PKCS1_type_1:invalid padding" error
My domain uses a self signed certificate created like this:
$ ISSUER="/C=EN/L=City/O=ORG"
$ SUBJECT="/C=EN/L=City/O=ORG/CN=myserver.com"
$ SAN="DNS:myserver.com"
$ ...
- 111
0
votes
1
answer
290
views
Can rsync be used with x509 certs for authentication? If so, how?
I need to use x509 certs to be able to authenticate with a work server. This is not a problem with ssh and scp sessions but I need to set up cron'd rsync and I don't see how to get rsync to use those ...
0
votes
0
answers
604
views
Get hash after decrypt (code) signature with the public key
I am new to code signing. After signing my message I get a public key and pkcs7 certificate. I am trying to manually compare the hash of my massage with the hash I get after decrypting the signature ...
0
votes
1
answer
79
views
how to get extensive certificate info - in text form via cli?
How do I get extensive info on an x509 certificate in text form so I can pipe its output further into scripts?
Plain openssl cmd for showing cert info is quite skimpy and non-descriptive (unless there ...
5
votes
3
answers
4k
views
Is there any use for SANs in client certificate verification?
When a client verifies a server's certificate, it knows the domain name of the server, then it can check whether the domain name exists in the SAN (Subject Alternative Name) field of the server's ...
- 51
16
votes
3
answers
40k
views
view all certs in a PEM cert file (full cert chain) with openssl or another command
often cert files (in PEM) format contain multiple certs like:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
with the command:
...
- 385
1
vote
1
answer
2k
views
Who is the issuer of this Personal certificate
In the certificate store of my Windows 10 PC (not joined to a domain) there is a certificate under Personal as follows:
subject=/CN=0c4e397b-ea9d-48a5-9cfc-0366effbd081
issuer=/DC=net/DC=windows/CN=MS-...
- 1,277
0
votes
1
answer
1k
views
Have I understood how OpenSSH and X509 works?
We want to test a connection with OpenSSH using X509 certificates using pkixssh fork from Roumen Petrov.
I don't understand really how the full authentication works and specially how to create the ...
- 111
2
votes
2
answers
10k
views
ssh-keygen and writing user certificate in X.509 format?
I need to create a SSH certificate encoded as X.509 per RFC 6187, X.509v3 Certificates for Secure Shell Authentication. Base on the ssh-keygen (1) man page and a few online tutorials I am at the point ...
- 12.3k
6
votes
1
answer
3k
views
How to import an SSH ed25519 key to GPG?
I have an SSH ed25519 key which I would like to import to GPG as an Authentication Subkey. There doesn't appear to be any documentation available on how to do this.
- 65
2
votes
1
answer
466
views
OpenSSL CA Certificate generation failing without error message
I want to create a CA Certificate out of a CSR. The process is failing with no error message though, so I don't know where to find a solution.
[user@computer myca]$ openssl ca -config openssl.cnf -...
- 21