pki

Error: KeyUsage does not allow digital signatures - Java-applet + mutual SSL

我只是一个虾纸丫 submitted on 2019-12-06 07:41:39
We have developed a web-based Java application running in Tomcat under IIS on Windows 2008. The website has 2-way (mutual) SSL enabled in IIS requiring the client to authenticate using an x.509 certificate (PKI) as part of SSL and this works fine with all our certificates using IE. The website also has a java-applet called ViewOne ImageViewer. This works fine with 2-way SSL with some of our certificates but with others we get the exception on the client (java 1.6) during SSL-handshake after the user has selected its authentication certificate: security: KeyUsage does not allow digital signatures

Generating a CSR in Python

≯℡__Kan透↙ submitted on 2019-12-06 06:04:22
I'm trying to generate a CSR in Python without using OpenSSL. If someone could point in the right direction, I'd be very grateful. I assume you don't want to use the command line openssl itself and a Python lib is ok. Here is a helper function I wrote to create a CSR. It returns the private key from the generated key pair and the CSR. The function depends on pyOpenSSL.crypto. def create_csr(self, common_name, country=None, state=None, city=None, organization=None, organizational_unit=None, email_address=None): """ Args: common_name (str). country (str). state (str). city (str). organization

x509certificate certpath validation

匆匆过客 submitted on 2019-12-06 05:30:46
Our use-case requires validating certificate revocation via OCSP on a PKIX set-up. My starting point was the code at this related question: OCSP Revocation on client certificate I'm doing it manually at the application level since tomcat doesn't support it. However, I'm having some trouble building the certPath and I think I'm missing some fundamental understanding. First I try to create the certPath for the incoming client x509Certificate. KeyStore store is initialized correctly and contains only the root certificates that match the client x509Certificate. EDIT: I got the same result after

Get chain of certificates for a file with PowerShell?

喜欢而已 submitted on 2019-12-06 01:16:13
I am looking for a method, using PowerShell only, to list the certificate chain for signed files. Specifically to get the Root certificate. As I need to get a list of which Non-Microsoft root certificates certain executables (on installed software) are dependent on. This is due to OS-baseline guidelines that use the PKI procedure in Microsoft KB293781, where only specific Root certificates shall be put on specific computers. E.g. the much used "VeriSign Class 3 Primary CA - G5" shall only be used when necessary. Get-AuthenticodeSignature only lists the Issuer. E.g: Get

Asymmetric Encryption and Decryption

给你一囗甜甜゛ submitted on 2019-12-05 15:14:42
Let us say that I use the algorithm on this site to encrypt and decrypt data with public-private keys: Public Key RSA Encryption in C# .NET on CodeProject Now, let us say that someone encrypts his data using my public key using another algorithm and sends it to me. Using a different algorithm (like the one on the site), will I be able to decrypt the information back using my private key? Or is this impossible since the algorithms were different? My point is, will the end result always be the same if different encryption algorithms are used, assuming that the keys used are correct? Is there

kubernetes + coreos cluster - replacing certificates

荒凉一梦 submitted on 2019-12-05 12:09:34
I have a coreos kubernetes cluster, which I started by following this article: kubernetes coreos cluster on AWS TLDR; > kube-aws init > kube-aws render > kube-aws up Everything worked well and I had a kubernetes coreos cluster on AWS. In the article there is a warning that said: PRODUCTION NOTE: the TLS keys and certificates generated by kube-aws should not be used to deploy a production Kubernetes cluster. Each component certificate is only valid for 90 days, while the CA is valid for 365 days. If deploying a production Kubernetes cluster, consider establishing PKI independently of this tool

RSA Key Values and Modulus in Public/Private Keys

≡放荡痞女 submitted on 2019-12-05 10:38:27
I am writing an application that uses PKI to secure email, files etc. Using the System.Cryptography namespace, I am generating a new key pair using RSACryptoServiceProvider. The method is: public static void GenerateKeys(int keySize, out string publicKey, out string privateKey) { using (var provider = new RSACryptoServiceProvider(keySize)) { publicKey = provider.ToXmlString(false); privateKey = provider.ToXmlString(true); } } keySize = 2048. This results in a public key like (this has been trimmed/padded with "-----START/END PUBLIC KEY BLOCK-----" wrappers for neatness). -----START PUBLIC KEY

Signing certificate request with certificate authority

一笑奈何 submitted on 2019-12-05 05:05:28
I want to use TLS mutual authentication to authenticate a client on an API made in Go. I've created a certificate authority, and let's say Bob has a key pair he wants to use with the client. Bob created a certificate request and wants me to validate his certificate in order to be authorized and authenticated on the API. I've used this to create my Certificate Authority: openssl genrsa -aes256 -out ca.key 4096 openssl req -new -x509 -sha256 -days 730 -key ca.key -out ca.crt Bob used this to create his certificate and certificate request: openssl genrsa -out bob.key 4096 openssl req -new -key

iPhone Public-Key Encryption SecKeyEncrypt returns error 9809 (errSSLCrypto)

笑着哭i submitted on 2019-12-05 02:52:54
Question: I am trying to use the iPhone's PKI libraries to encrypt a short string (12345678), but I keep getting the error -9809 (i.e. errSSLCrypto) whenever I try to use SecKeyEncrypt. The SecureTransport.h header file describes this error simply as "underlying cryptographic error", which wasn't very meaningful. My code is as follows: - (NSData *)encryptDataWithPublicKey:(NSString *)plainText { OSStatus result = -1; NSData *plainTextData = [plainText dataUsingEncoding:NSASCIIStringEncoding]; size_t

Importing Thawte trial certificates into a Java keystore

半城伤御伤魂 submitted on 2019-12-04 20:34:51
Question: I'm trying to configure a Tomcat server with SSL. I've generated a keypair thus: $ keytool -genkeypair -alias tomcat -keyalg RSA -keystore keys Next I generate a certificate signing request: $ keytool -certreq -keyalg RSA -alias tomcat -keystore keys -file tomcat.csr Then I copy-paste the contents of tomcat.csr into a form on Thawte's website, asking for a trial SSL certificate. In return I get two certificates delimited with -----BEGIN ... -----END , that I save under tomcat.crt and thawte