certificate

问题 I'm generating a PDF document with signature and I want it to be LTV enabled. For this, I sign the PDF when creating it and then I add the second version containing the DSS with the validation related informations (VRI). As I found in some articles, I need to add the Certificate chain (without the root certificate - Authority) and the Certificate Revocation List (CRL). In my case, both will have 2 elements. After that I add the entry for the VRI which is a SHA-1 hash of the signature content

问题 How do I export a security certificate from Chrome v37 on a Mac? Previously I could click on the little lock icon next to the URL, select "Connection," select the certificate, and an "Export" button would appear. Not so anymore! 回答1: Edit 4/3/19: I have found a workaround. This is tested on Chrome for Mac 73.0.3686.86 64-bit, platform: macOS 10.14.4: Open a new TextEdit document. In TextEdit, click Format | Make Plain Text. Arrange windows so that the TextEdit window and the Chrome window are

问题 Anyone knows how to force the WebBrowser control to automatically select a specific client certificate and not open the pop up with client certificates list? 回答1: I solved this issue changing the certificate purposes to "Disable all purposes for this certificate", so just the certificate with the desired purpose could be used by WebBrowser control. 来源： https://stackoverflow.com/questions/4388149/how-to-force-webbrowser-control-to-select-one-specific-client-certificate

问题 Anyone knows how to force the WebBrowser control to automatically select a specific client certificate and not open the pop up with client certificates list? 回答1: I solved this issue changing the certificate purposes to "Disable all purposes for this certificate", so just the certificate with the desired purpose could be used by WebBrowser control. 来源： https://stackoverflow.com/questions/4388149/how-to-force-webbrowser-control-to-select-one-specific-client-certificate

问题 I have the following issue: I want to generate the SAML-metadata, for my SSO-ServiceProvider, using node.js and the package 'passport-saml'. This package includes the method 'generateServiceProviderMetadata( decryptionCert )' which will generate a service provider metadata document suitable for supplying to an identity provider. this requires an decryptionCert... Which decryptionCert shall I use, i.e. where and how to get it? As far as I understand, I need something like: privateCert: fs

问题 I have the following issue: I want to generate the SAML-metadata, for my SSO-ServiceProvider, using node.js and the package 'passport-saml'. This package includes the method 'generateServiceProviderMetadata( decryptionCert )' which will generate a service provider metadata document suitable for supplying to an identity provider. this requires an decryptionCert... Which decryptionCert shall I use, i.e. where and how to get it? As far as I understand, I need something like: privateCert: fs

问题 I'm trying to convert x.PFX file to x.JKS file using keytool but I am getting following error: keytool error: java.lang.Exception: Alias <2> does not exist Actions that preceded this error are: Listing x.PFX file content (just to read alias name): keytool -v -list -storetype pkcs12 -keystore x.pfx Enter keystore password: x Keystore type: PKCS12 Keystore provider: SunJSSE Your keystore contains 1 entry Alias name: 2 Creation date: 11-nov-2012 Entry type: PrivateKeyEntry Certificate chain

问题 I'm trying to convert x.PFX file to x.JKS file using keytool but I am getting following error: keytool error: java.lang.Exception: Alias <2> does not exist Actions that preceded this error are: Listing x.PFX file content (just to read alias name): keytool -v -list -storetype pkcs12 -keystore x.pfx Enter keystore password: x Keystore type: PKCS12 Keystore provider: SunJSSE Your keystore contains 1 entry Alias name: 2 Creation date: 11-nov-2012 Entry type: PrivateKeyEntry Certificate chain

问题 I can see that I can revoke a certificate using WS (however I'm not sure how I'm supposed to get it's issuerDN) but is there a way to delete the end entity in it's entirety. Basically can I do the equivalent of doing "revoke and delete" with a web service? Edit: just noticed that "revoke and delete" doesn't truly delete the end entity as if they are remade the old revoked certificates are still there. Guess the only way is to delete the data from the DB? 回答1: Correct. Delete an end entity

问题 Apologies for my lack of understanding of certificates in general. I have a .p12 file (with a non-expired certificate) and a valid password so I can list the contents using: keytool -list -keystore file.p12 -storepass password -storetype PKCS12 -v In my Java code I am attempting an HTTPS post but keep getting this error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching [host.path.com] found This same post works against one of my other environments