-print_certs is the option you want to use to list all of the certificates in the p7b file, you may need to specify the format of the p7b file you are reading. You can then redirect the output to a new file to build the concatenated list of certificates. Open the file in a text … Read more
I edited the answer to do the root certificate first and then issue an end entity certificate. Here is some example of generating a self-signed certificate through Bouncy Castle: public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = … Read more
Perhaps /// <summary> /// Export a certificate to a PEM format string /// </summary> /// <param name=”cert”>The certificate to export</param> /// <returns>A PEM encoded string</returns> public static string ExportToPEM(X509Certificate cert) { StringBuilder builder = new StringBuilder(); builder.AppendLine(“—–BEGIN CERTIFICATE—–“); builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)); builder.AppendLine(“—–END CERTIFICATE—–“); return builder.ToString(); }
openssl x509 -in cert.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 You may need to add -inform der to the first command if cert.crt is in DER form rather than in PEM form.
Decode the Base64 to binary, with some InputStream reading it, then try CertificateFactory cf = CertificateFactory.getInstance(“X.509”); Certificate cert = cf.generateCertificate(is);
Although this question was more specifically about IP addresses in Subject Alt. Names, the commands are similar (using DNS entries for a host name and IP entries for IP addresses). To quote myself: If you’re using keytool, as of Java 7, keytool has an option to include a Subject Alternative Name (see the table in … Read more
You can only use something like this: openssl -extensions mysection -config myconfig.cnf and myconfig.cnf: [mysection] keyUsage = digitalSignature extendedKeyUsage = codeSigning I am not aware of command line interface to this functionality.
The original order is in fact backwards. Certs should be followed by the issuing cert until the last cert is issued by a known root per IETF’s RFC 5246 Section 7.4.2 This is a sequence (chain) of certificates. The sender’s certificate MUST come first in the list. Each following certificate MUST directly certify the one … Read more
Does your cacerts.pem file hold a single certificate? Since it is a PEM, have a look at it (with a text editor), it should start with —–BEGIN CERTIFICATE—– and end with —–END CERTIFICATE—– Finally, to check it is not corrupted, get hold of openssl and print its details using openssl x509 -in cacerts.pem -text
Sure. The certificate objects can be created by an instance of CertificateFactory – in particular, one configured to create X509 certificates. This can be created like so: CertificateFactory certFactory = CertificateFactory.getInstance(“X.509”); Then you need to pass it an InputStream containing the bytes of the certificate. This can be achieved by wrapping your byte array in … Read more