This is a known issue. The Canonicalization implementation between .NET 3.5 and .NET 4.0 has changed. I don’t know if this works on all XML signatures but the following works from the testing that I’ve done. Add the following C14N Transform class to your project: public class MyXmlDsigC14NTransform: XmlDsigC14NTransform { static XmlDocument _document; public static … Read more
CN=hostname – it’s the first option you’re being asked for here. It’s confusing that keytool refers to it as “first and last name”.
On your verify command add in the /pa option to tell it to use the Default Authentication Verification Policy instead of the Windows Driver Verification Policy, meaning it will look at your certificate stores instead of the limited set of CAs Microsoft trusts with drivers. Look here for more options: http://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.90).aspx
The default path where certificates are looked up might be different on each platform. You can lookup your system configuration using the following command: $ openssl version -d OPENSSLDIR: “/etc/pki/tls”
Late response I know, but I had the same problem. Installing the CA for both RapidSSL and GeoTrust on the server-side solved it for me. http://support.servertastic.com/rapidssl-and-geotrust-certificate-not-trusted-on-mobile-device/ This is the RapidSSL and Geotrust CA bundle you need. https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem Documentation of some providers: RapidSSL Goddady
An even easier way is to use the New-SelfSignedCertificate PowerShell commandlet, which includes a SAN by default. In a single command you can create the certificate and add it to the store. New-SelfSignedCertificate -DnsName localhost -CertStoreLocation cert:\LocalMachine\My Note that you need to run PowerShell as an administrator.
Look at the documentation of certutil.exe and -addstore option. I tried certutil -addstore “Root” “c:\cacert.cer” and it worked well (meaning The certificate landed in Trusted Root of LocalMachine store). EDIT: If there are multiple certificates in a pfx file (key + corresponding certificate and a CA certificate) then this command worked well for me: certutil … Read more
If you’re working in Java then the Java Key Store is a fairly natural place to store private keys.Java applications typically expect to get the keys they need from JKS, and it’s easy to access from your own Java apps. JKS is not accessible (without jumping through a few hoops) from outside Java, though. PKCS#12 … Read more