ca

问题 During my search, I found several ways of signing a SSL Certificate Signing Request: Using the x509 module: openssl x509 -req -days 360 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt Using the ca module: openssl ca -cert ca.crt -keyfile ca.key -in server.csr -out server.crt Note: I am unsure of the use of the right parameters for this one. Please advise correct usage if I am to use it. What way should one use to sign certificate requests with your Certification

问题 I'm trying to create a certificate (A) which is signed for other certificate (B) stored in a p12 keystore. This stored certificate (B) was added to the trusted certificate store of my local machine. Certificate A is used to sign a pdf document using bouncy castle 1.52 library, but the digital signature that I obtain in the signed document is invalid. I'm going to explain the steps done just if somebody can help me. First, I create a CSR from the p12 keystore(B): private static

问题 I am working in a company where we are using the hyperledger fabric to build our application. we have been using the fabric CA till now. Now for the production phase we are planning to move to third party ca provider. I have read the documentation of the Fabric CA (https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/) for understanding how it works. I have been looking in the Stackoverflow Fabric tag (https://stackoverflow.com/questions/tagged/hyperledger-fabric) if i could find some

问题 I have the Apple Root CA - G3 root Certificate and I need to validate the chain of trust. I need to verify that the leaf certificate was signed by the sub-CA certificate. How can I do this with Java? 回答1: Use this snippet X509Certificate certificate =... X509Certificate intermediate = ... try{ certificate.verify(intermediate.getPublicKey()); //Verification ok. intermediate is the issuer } catch (Exception e){} } 来源： https://stackoverflow.com/questions/42287576/verify-that-the-leaf-certificate

问题 From a result of security scan program, I have a need to restrict the Certificate Authorities the app trusts. The scan result points out the line at webView.loadUrl("https://example.com/page"); . I see how I can create a SslSocketFactory that uses my TrustManager, but I don't see an API in WebView that allows me to set that. https://developer.android.com/training/articles/security-ssl.html#UnknownCa What are some possible ways to achieve this? 回答1: I think WebViewClient 's onReceivedSslError

问题 I have a Rails application with a public REST API which authenticates API clients using SSL client certificates. I would like the app to act as a simple CA. Admin users should be able to visit a page on the site and request a new certificate. The application should generate a new SSL cert, signed with the application's private key, and return it in some form to the admin user. The admin user will then install this cert in client apps. These apps will then be able to use the new cert to access

问题 Are there any tools or mechanism(s) which can help validate a CA issued SSL certificate before installing it on the target web server? 回答1: Yes, you can use openssl to create a test server for your certificate with the s_server command. This creates a minimal SSL/TLS server that responds to HTTP requests on port 8080: openssl s_server -accept 8080 -www -cert yourcert.pem -key yourcert.key -CAfile chain.pem yourcert.pem is the X.509 certificate, yourcert.key is your private key and chain.pem

问题 I use the below server.c source, i generated sinful-host-cert.pem sinful-host.key as described here: Elliptic Curve CA Guide When running the program get the following errors: 140722397161136:error:10071065:elliptic curve routines:func(113):reason(101):ec_lib.c:995: 140722397161136:error:0B080075:x509 certificate routines:func(128):reason(117):x509_cmp.c:346: I compiled using: gcc server.c -ldl -lcrypto -lssl -o Server The error occurs at this line I think if (SSL_CTX_use_PrivateKey_file(ctx,

问题 I'm trying to connect Hyperledger Fabric CA to an Openldap. The Openldap is set up in local, with a single organisation dc=fabric-ca,dc=example,dc=com And a single user, cn=admin,dc=.../ I have set up a Fabric-CA with following server config : ldap: enabled: true url: ldap://cn=admin,dc=fabric-ca,dc=example,dc=com:000000@☺localhost:389/dc=fabric-ca,dc=example,dc=com userfilter: (dn:%s) tls: enabled: false attribute: names: ["dn"] Converters and maps are irrelevant (so far). The admin exist in

问题 I've been unable to git clone just about any github repo because of this error fatal: unable to access 'github_url': server certificate verification failed. CAfile: /home/ubuntu/.ssh/rel3_dodroot_2048.crt CRLFile: none I've noticed a few other people have had a similar error, but with the certificate in the .ssl folder. I've never seen anyone have this problem with the certificate in the .ssh though, and I have no idea how to fix it. Environment: Nvidia Jetson TX1 running Ubuntu 14.04