certificate-authority

问题 How to import certadm.dll into managed project and use RevokeCertificate method? I tried adding it as reference but I got error asying it's not assembly or COM object. Any ideas? UPDATE: I already tried regsvr32 c:\certadm.dll and I get following error: LoadLibrary("c:\certadm.dll") failed - the specified procedure could not be found. 回答1: I know this is very old question, but i cannot find any example of using ICertAdmin2::RevokeCertificate in c#. I think it is usefull to write exaple here.

问题 For an application, I need to have a SSL certificate for a WCF service, So we installed it. If I go with an internet browser with a web browser trough https, I've got no problem, no warning, nothing, so I suppose that this certificate is considered as valid for windows. The problem is that when I'm trying to connect to my WCF server, I got this error: The X.509 certificate CN=myHostName, OU=tom, O=myDomainName, L=MyLocation, S=SO, C=CH chain building failed. The certificate that was used has

问题 Is there a custom SSL certificate authority I can add to my browser? We use lots of internal urls like http://www.somproject.somebranch/ for working on individual branches It would be cool if there was some service I could add to my browser/OS which would let me use a single cert (or easily generate certs) for non-real domains. Does this exist, or is this just a #firstworldproblem? 回答1: The point of a custom CA is that you have to create it yourself (by being the holder of the private key for

问题 I have to create an application which generates a CSR. While generating a CSR we are required to fill in several details like CN, OU, etc. The problem is that the Certifying Authority to which I have to send my CSR wants 2 OU(Organizational Unit) Names. I googled a lot but couldn't find anything using either openssl or java keytool by which I can specify 2 OU Names. Can someone please tell me how I can specify 2 OU Names while generating the CSR? 回答1: If you want to do it via CLI you can use

问题 I am trying to setup a secure connection to a java run SSLServerSocket. I have created my own root CA, and have signed the certificate that the Java SSLServerSocket using this certificate. I want to add this root certificate to my app so that any certificate signed by the root certificate will work. So far I have the secure connection working fine by setting the read and write stream properties to this: NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys: (id

问题 I am trying to access a subversion repository using SharpSvn. The repository is only available via https and the machine uses its own private certificate authority (don't worry about the security here, I trust the authority). I have the Certificate Authority's public root certificate, however due to user access rights I cannot install the certificate into the certificate store. If I use subversion directly, I can add: servers:global:ssl-authority-files=/path/to/cacert.crt servers:groups

问题 I want to create a custom CA and have created rootCertficate as mention on this link using following commands set RANDFILE=rand set OPENSSL_CONF=c:\Binaries\openssl-X64\openssl.cnf openssl req -new -keyout cakey.pem -out careq.pem openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem -out caroot.cer -extensions v3_ca I then use this certificate as root to sign and create other certificates using java program public static X509Certificate signCertificateSigningRequest(

问题 I am currently developing in an environment where EAP-TLS authentication is being used on an embedded WiFi radio. On that radio, we load multiple certificates for authentication (a client certificate, a private key file for the client, and a root CA certificate). I have recently come across this Windows Blog post and a few other posts about the deprecation of the SHA1 hash algorithm for certificate signing. My main question/concern is that the radio that I am using does not support the use of

问题 I am using cURL for Windows. I'm following separate advice and have just about no idea what I'm doing, but I know what I've done: C:\...> curl http://api.stackexchange.com/2.1/sites <garbage, probably encrypted> C:\...> curl https://api.stackexchange.com/2.1/sites curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority

问题 I am attempting to follow this reply and change a few hex bytes in a file by using hexdump, xxd, and sed. According to that response, after converting the CSR generated with keytool (which happens to be base-64 PEM format) into DER, I should be able to do a straight bytes replacement, replacing 0x13 with 0x0c . Here is what I have attempted: #convert csr pem to der openssl req -in openfire.csr -outform der -out openfire_csr.der cat openfire_csr.der | grep -aP '\x13' | md5sum