x509certificate

How to get X509Certificate from certificate store and generate xml signature data?

by

As far as I know, certificates are not saved by XML Format , you should combine it by yourself. Is this what you want ? static void Main(string[] args) { X509Certificate2 cer = new X509Certificate2(); cer.Import(@”D:\l.cer”); X509Store store = new X509Store(StoreLocation.CurrentUser); store.Certificates.Add(cer); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection cers = store.Certificates.Find(X509FindType.FindBySubjectName, “My Cert’s Subject Name”, false); if (cers.Count>0) { … Read more

HttpListener class with HTTPS support

by

I did a bunch of homework and got this working. The steps to add SSL support for an .NET HttpListener are: Update C# application code to include the https prefix. Example: String[] prefixes = { “http://*:8089/”,”https://*:8443/” }; That’s it from the code aspect. For the certificate side of things, using the Windows SDK command console … Read more

What is the right way to send a client certificate with every request made by the resttemplate in spring?

by

Here is example how to do this using RestTemplate and Apache HttpClient You should define your own RestTemplate with configured SSL context: @Bean public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception { char[] password = “password”.toCharArray(); SSLContext sslContext = SSLContextBuilder.create() .loadKeyMaterial(keyStore(“classpath:cert.jks”, password), password) .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(); HttpClient client = HttpClients.custom().setSSLContext(sslContext).build(); return builder .requestFactory(new HttpComponentsClientHttpRequestFactory(client)) .build(); } private … Read more

WindowsCryptographicException: Keyset does not exist

by

The problem was resolved by adding IIS_IUSR group. From this link Add group IIS_IUSR: The problem was that the Permissions for the Private Key of the Certificate in the Windows Certificate Store did not have the IIS_IUSRS group set to allow read access. Right click certificate -> All Tasks -> Manage Private Keys -> Add … Read more

Is serial number a unique key for X509 certificate?

by

No. For example, OpenSSL let’s the user set this when they create certificates. See: http://www.openssl.org/docs/apps/x509.html -set_serial n specifies the serial number to use. This option can be used with either the -signkey or -CA options. If used in conjunction with the -CA option the serial number file (as specified by the -CAserial or -CAcreateserial options) … Read more

add or create ‘Subject Alternative Name’ field to self-signed certificate using makecert

by

An even easier way is to use the New-SelfSignedCertificate PowerShell commandlet, which includes a SAN by default. In a single command you can create the certificate and add it to the store. New-SelfSignedCertificate -DnsName localhost -CertStoreLocation cert:\LocalMachine\My Note that you need to run PowerShell as an administrator.

tech