FAQ Database Discussion Community


MS SQL column encryption without certificate

sql,sql-server,encryption,aes,x509certificate
I am trying to encrypt one of my sensitive columns in a SQL Server table. I tried AES256 encryption with this script, and it works perfect. But I don't want to create Certificates, or Symmetric Keys on my SQL Server as it may be a security problem later. How can...

Difference between EV sign certificate and regular ones

certificate,ssl-certificate,x509certificate,x509certificate2
My company is deciding which type of certificate to choose: the EV certificate or the regular one. I would like to know the difference between them. I know that the EV ones put some kind of reputation to the application you sign, but I'm not sure about the difference. Two...

Check certificate revocation status with Java

java,certificate,x509certificate,certificate-revocation
Is it possible to implement revocation checking on a digital certificate (a *.cer file) with a Java program, without any connection to the Internet by the program? I can download the CRL from a CA's web site and put it on the server where the program is running. How does...

Sample X509 Certificates with Wrong ASN.1 Encode

x509certificate,asn.1
For testing purpose, I am looking for sample X509 Certificates with wrong ASN.1 encoding, like Null with length more then Zero, etc. Any pointers??

Working with bouncycastle provided by wildfly

java,x509certificate,bouncycastle,wildfly-8,pfx
I am trying to decrypt some private keys (.pfx X509Certificate) with Bouncy Castle. If I run the code standalone (junit), it works fine, but when I run it on wildfly with arquillian deployed as a war file, I'm facing some issues: org.jboss.arquillian.test.spi.ArquillianProxyException: javax.ejb.EJBException : JBAS014580: Unexpected Error [Proxied because :...

How to convert a .csr to .crt using openssl?

certificate,ssl-certificate,x509certificate
well i have tried the below openssl x509 -req -in <cert_name>.csr -signkey <key_name>.key -out output.crt but seems to throw an error 140735226307408:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE REQUEST Any solutions?...

Certificates being renewed yearly - how to reliably find them in the cert store?

certificate,x509certificate
I've been tasked to add security by means of certificates to an external web service we call from our ASP.NET 4.0 Webforms application. I've been able to play around with the certificate and get the code to work properly, but there are still a lot of questions unanswered when it...

How SSL works in case of self signed certificates in Java

java,ssl,https,x509certificate
I am working on a HTTPS service which will be deployed on a server with a self signed certificate and a client which will accept all certificates.I am new to SSL. I have gone through this post and this post and understand how to configure trust manager to accept all...

WCF Client With X.509 Certificate and Java Web Service

c#,wcf,soap,x509certificate
I'm currently trying to develop a client that interacts with a 3rd party web service. The third party web service is written in Java, and we have supplied them with a CA X509 certificate that is used to sign the messages. The 3rd party specifies WS-Security 1.1 (http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-SOAPMessageSecurity.pdf). We are...

Extract client X509 certificate from a secured websocket connection

authentication,websocket,ssl-certificate,x509certificate
I would like to create a certificate-based authentication on top of websocket communication. So I created a websocket serverEndpoint, and set up SSL for client authentication with the help of jetty, like this: Server server = new Server(); //Create SSL ContextFactory with appropriate attributes SslContextFactory sslContextFactory = new SslContextFactory(); //Set...

HTTP-Redirect Binding SAML Request

single-sign-on,x509certificate,saml-2.0
Suppose SP-init SSO is carried out, HTTP-Redirect Binding is used instead of HTTP-POST Binding and signed AuthnRequest is required. It means to include the SAMLRequest in the URL. Q1. Do I need to include the signature in the URL or just embed in the SAMLRequest ? The redirect url is...

View All Certificates On Smart Card

powershell,x509certificate
I am trying to create a script to remove all but the newest certificate from any given smart card (in the SC Reader at the time). This is something that I intend to be able to distribute to end users, so it should be self sufficient. My first issue is...

SSL server socket and handshake with known certificate

java,security,ssl,x509certificate,serversocket
I am new to SSl server sockets. All I am tying to do is to read data over SSL. My application listens on port 8000. Please give me few steps on how I can do this. When I have a certificate (on my disc), how can I establish the SSL...

Using X509Certificates to secure WCF services

wcf,authentication,encryption,x509certificate,transport-security
The scenario I am working on involves an ASP.NET web application communicating with a self-hosted WCF service with a netTcpBinding. The two components are hosted on separate machines. The web server is a stand-alone machine in a DMZ with no trust relationship with the application server. I want the communication...

How does WCF base64 encode the public key in client app.config

wcf,x509certificate
I am just playing arround with WCF and certificates. I have installed a certificate on my computer, referenced it in my WCF service config like this: <serviceCertificate findValue="testcert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" /> I then start the service. All is fine. Then I create a simple client console program in visual...

About .p12 certificate and how to extract keys from it

certificate,x509certificate
What is the difference between a certificate in a .cer file and one in a .p12 file? Are they just in different formats? How do I extract the private key and public key from the .p12 file? Can this be done using Java keytool? Thanks in advance....

Getting public key using the generated certificate(X509) using CertificateFactory

java,x509certificate
I am having trouble getting the public Key using the X509 certificate. I am getting an error "signed fields invalid" when trying to generate certification. Please help Code used to generate the key: public static PublicKey getPublicKey() throws CertificateException,FileNotFoundException { InputStream certFileIs = new FileInputStream("E:\\TA_Private.pfx"); CertificateFactory certfactory = CertificateFactory.getInstance("X.509"); X509Certificate...

Passing X509Certificate information with HttpUriRequest

spring,spring-security,x509certificate,apache-commons-httpclient
I've implemented a REST API in Spring-Boot running on a Tomcat server, this REST API calls another Spring REST API running on a different Tomcat server. Both web applications require client certificates for authentication. How do I pass the client certificate information from app1 to app2 when making a REST...

Add Server Certificate Information to Trust Manager Android Programmatically

android,x509certificate
I am new to this SSL and X509Certificate Concepts. What all I need is, Is there any way to get the Certificate Information from a given Url For Example: If User has typed https://www.google.com then I need the Certificate Information for that Programmatically. Edit: Finally, I got the Certificate Information...

Get Certificate Information from Url Android Programatically

android,ios,ssl-certificate,x509certificate
Is it possible to get the certificate information from the Url ? In iOS, it has NSURLAuthenticationChallengewhich gives the information if the url contains https. The same way do we have any way to get the certificate information for the particular url through Code?...

An exception of type 'System.Security.Cryptography.CryptographicException': keyset does not exist

c#,encryption,cryptography,rsa,x509certificate
All the steps made at this link System.Security.Cryptography.CryptographicException: keyset does not exist But it did not help to correct the error. static public string Build64(string idOrder, double Amount) { string StrForSign = KKBRequestStr.Replace("%ORDER%", idOrder).Replace("%AMOUNT%", string.Format("{0:f}", Amount).Replace(",", ".")); X509Certificate2 KKbCert = new X509Certificate2(KKBpfxFile, KKBpfxPass); RSACryptoServiceProvider rsaCSP = (RSACryptoServiceProvider)KKbCert.PublicKey.Key; byte[] SignData =...

Validating certificate chain in Java from truststore

java,ssl,x509certificate,keystore,truststore
I have a certificate chain as der encoded byte[][] array to verify. I also have a truststore file. After I create X509Certificate[] from that byte array[][] and initializing trustmanager, how will I tell to TrustManager to verify that X509Certificate[]? What is the proper way to do it? Thanks. Sample code:...

mobile vs dektop authentication with client certificate HTTPS

c#,authentication,ssl,https,x509certificate
Is there a different between mobile-authentication and desktop-authentication via certificate and https? And when, how to solve mobile authentiction with certificate? We try to accomplish a connection to a site eg. https: example.com and authenticate the user via certificate. Before setup a CA and generate necessary certificates. C# code from...

Read X509-Certificate to process it

c++,x509certificate,pem,gnutls
I need to read a X509 certificate in C++. I couldn't find a way to do that with the GnuTLS library. The certificate has to be read in PEM or DER format, so that I can process it twith functions of the GnuTLS library. Is there a pendant to the...

BouncyCastle - Generate certificate file that MS Windows understands

java,windows,x509certificate,bouncycastle,digital-certificate
I'm using Java and BouncyCastle to generate a CA certificate, the CA issues several user Certificates, these Certificates are stored on a Data Base with their private key. How can I generate a certificate file that can be installed by Windows in which the operating system recognizes the private key...

Unable to get SignerCertificate from CMSSigned data

java,security,digital-signature,x509certificate,bouncycastle
While trying to extract SignerCertificate (X509) from CMS Signed data, my code is giving error, no certificate found. I am using bouncycastle libraries for this purpose. I think I am unable to sign it properly.The code snippets are attached, Have a look and please correct where I am going wrong....

What is the difference between a wildcart certificate and a chained certificate for a subdomain?

ssl,subdomain,ssl-certificate,x509certificate
Newbee SSL cert question. Background: I purchased a simple domain validation certificate from Comodo and got 4 certificates which I had to chain manually. The certificate costs 10USD. A wildcart certificate cost more like 100USD. Question: Is it not possible to create a certificate request for any subdomain myself and...

php curl with certificate and no key file or passphrase

php,curl,ssl-certificate,libcurl,x509certificate
I'm relatively new to php with curl and wanted to ask a sanity check question. I'm attempting to post an xml file to an https server with a certificate in DER format provided by the server admin. I have also successfully converted the DER file to ascii PEM format and...

verifying digital signature in c#

c#,.net,certificate,digital-signature,x509certificate
I have a signed "DLL" file that I want to validate his digital signature in run time ("Before I'm loading it") I have the public key of the certificate embedded in my code, Is there a way to get the "message digest" from the digital signature? or another way to...

How do i check if certificate A got certfiicate B as issuer in Java? --> X509Certificates

java,ssl,x509certificate
I have two X509Certificates, one of them is uploaded and the other one should be the Issuer. What is the simplest whay to check if the given certificate is the issuer of the uploaded certificate? This should be done with Java.

Web Authentication with client certification

asp.net,authentication,x509certificate
I'm trying to authenticate login of a web app with three elements: Userid of web app Password of web app Client Certificates installed on user's PC. I see a client or machine certificate as a long string or key which is stored in Windows registry. I'm planning to put those...

Is checking one randomly chosen digital signature is enough for verifying multiple signed file?

java,certificate,x509certificate,digital-signature,bouncycastle
Imagine, I have multiple detached signatures of some binary file and they stored in different .sig files. When somebody modifies file, all signatures will become invalid. For xml an enveloped signature is widely used. Cheking it is more difficult - one have to extract last ds:Signature element, check signature, remove...

This certificate has an invalid issuer keychain

ssl,openssl,x509certificate,keychain,pkcs#12
I do have private key(my_ca.key) and public key(my_cert.crt) which is signed by DigiCert. Now I want to generate the SSL certificate (version 3) and sign it by my private key . Here is the way I tried to do that. But when I export into keychain (Mac OS X). I...

Does WCF do CRL/OCSP certificate checking?

c#,.net,wcf,x509certificate,ocsp
We are working on a payment processing application and want to make sure we are doing CRL/OCSP checks when establishing secure connections (we will be initiating a TLS 1.1 session with a server). I would think that .NET would do this for us, but I'm not able to find any...

wcf wss1.1 BindarySecurityToken UsernameToken configuration for client

wcf,soap,x509certificate,ws-security
I want to both sign the message with the certificate and include the username/password. I can get WCF to do either of these but not both at the same time. I'm trying to setup a client to connect to a SOAP service (WS-Security 2004) that is using both x509 certificates...