pki

问题 I am using the following API to fetch a certificate previously generated in EJBCA: https://www.ejbca.org/older_releases/ejbca_4_0/htdocs/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html#getCertificate(java.lang.String, java.lang.String) The Private+public key was generated in the code, and hence I haven't persisted it anywhere. While setting the user status ( "editUser" ) I've used https://www.ejbca.org/older_releases/ejbca_4_0/htdocs/ws/org/ejbca/core/protocol/ws/client/gen/UserDataVOWS

问题 I have a personal, CA issued digital certificate. How do I make sub-certificates that I will sign with this trusted one? So the chain would look like this: VeriSign <- Local CA <- ME <- [ Laptop 1, Laptop 2 ] 回答1: To use your certificate sign a certificate, your certificate must have the x509 Basic Constraints extension. The reason for this is because a certificate is fundamentally a form of identification, and to issue an ID you need to be accredited so that everybody knows that you're not

问题 As it turned out in the comments to this SO-question the source of the problem lies elsewhere so I decided to ask a new question. I request a certificate from our PKI for a ecc keypair (curve is brainpoolP384r1). This is done via registration authority that does the proof of possession. After that I attach the private key to the issued certificate using some of the code in this helpful questions/answers: generate-certificate-using-ecdsa-in-c-sharp and translating-elliptic-curve-parameters-bc

问题 i received the following from some legacy system when i asked for private key: MODULUS, PUBLIC EXP, PRIVATE EXP, PRIME_P, PRIME_Q, PARAM_P, PARAM_Q, Q_MOD_INV All of this data is in hex, how can i convert this to a openssl PEM file or PFX ? Thank you and best regards! 回答1: Generate RSA key with openssl: openssl genrsa -out rsa.pem 2048 Convert RSA key from PEM format to DER format: openssl rsa -inform PEM -in rsa.pem -outform DER -out rsa.der Open file rsa.der in ASN.1 Editor: ASN.1 structure

问题 I have safenet authentication usb token which was given by a company and they told me they have digital public key certificate inside. They gave me a password and a software by which i can see that it can detect certificate inside. Now i need to access this token's certificate and then i need to use signing , encryption and decryption using my development code. But the company didn't gave me any sdk so i have to do everything by C++ Microsoft CryptoAPI. I searched on google but i am not sure

问题 I'm trying to get a hold of a private key that doesn't seem to be exportable from Keychain Access.app directly on OS X, probably because it was imported with the option to make it non-extractable. What I think might work is trying to intercept the said private key when it's used by the VPN software, the web-browser or some system software for the actual PKI authentication; is there a way to do this, perhaps with DTrace? 来源： https://stackoverflow.com/questions/25044418/can-dtrace-find-non

问题 I'm trying to have a specific page on my site only accessible to people after X.509 authentication. Catch is, I want it to be available to all clients who have a matching certificate issued by a specific Intermediate CA (I intend to have a few Intermediate CAs underneath a self-generated Root CA, but only a client certificate issued by one specific Intermediate CA can access this page). Is this possible using PHP? Let me know if I need to elaborate further, and I'll try and add more detail.

问题 I'm not very expert in this kind of programming, and I know there is several similar questions, but anyone answered exactly that I need. My team (and I) are developing a Public Key Infrastructure. We are stuck in the key generation (on client side), but we found so few documentation about it. We know there are these options: keygen tag --> generates a SPKAC request --> works in Mozilla to internal keystore, token and smartcard crypto.generateCRMFRequest() --> generates a CRMF Request -->

问题 I want to use TLS mutual authentication to authenticate a client on a API made in go. I've created a certificate authority, and let's say Bob has a key pair he wants to use with the client. Bob created a certificate request and want me to validate his certificate in order to be authorized and authenticated on the API. I've used this to create my Certificate Authority : openssl genrsa -aes256 -out ca.key 4096 openssl req -new -x509 -sha256 -days 730 -key ca.key -out ca.crt Bob used this to

问题 I have a web application where some data (not file) needs to be digitally signed using a PKI Private Key. The PKI Certificate & Private Key will be in a USB Cryptotoken which registers the certificates with the browser when inserted into the USB slot. This eases the pain of doing authentication using the certificate because I do that by trigerring ssl-renegotiation in my Application. However, using a certificate for digital signing seems to be a bit more tricky. I can think of several ways to