certificate

How can I create a self-signed certificate using C#?

Since .NET 4.7.2 you can create self-signed certs using System.Security.Cryptography.X509Certificates.CertificateRequest. For example: using System; using System.IO; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; public class CertificateUtil { static void MakeCert() { var ecdsa = ECDsa.Create(); // generate asymmetric key pair var req = new CertificateRequest(“cn=foobar”, ecdsa, HashAlgorithmName.SHA256); var cert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5)); // Create PFX (PKCS #12) with … Read more

How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?

On Windows the easiest way is to use the program portecle. Download and install portecle. First make 100% sure you know which JRE or JDK is being used to run your program. On a 64 bit Windows 7 there could be quite a few JREs. Process Explorer can help you with this or you can … Read more

How to ignore the certificate check when ssl

For anyone interested in applying this solution on a per request basis, this is an option and uses a Lambda expression. The same Lambda expression can be applied to the global filter mentioned by blak3r as well. This method appears to require .NET 4.5. String url = “https://www.stackoverflow.com”; HttpWebRequest request = HttpWebRequest.CreateHttp(url); request.ServerCertificateValidationCallback += (sender, … Read more

Getting RSA private key from PEM BASE64 Encoded private key file

This is PKCS#1 format of a private key. Try this code. It doesn’t use Bouncy Castle or other third-party crypto providers. Just java.security and sun.security for DER sequece parsing. Also it supports parsing of a private key in PKCS#8 format (PEM file that has a header “—–BEGIN PRIVATE KEY—–“). import sun.security.util.DerInputStream; import sun.security.util.DerValue; import java.io.File; … Read more

How to install trusted CA certificate on Android device?

Prior to Android KitKat you have to root your device to install new certificates. From Android KitKat (4.0) up to Marshmallow (6.0) it’s possible and easy. I was able to install the Charles Web Debbuging Proxy cert on my un-rooted device and successfully sniff SSL traffic. Extract from http://wiki.cacert.org/FAQ/ImportRootCert Before Android version 4.0, with Android … Read more

Signing a Windows EXE file

You can try using Microsoft’s Sign Tool You download it as part of the Windows SDK for Windows Server 2008 and .NET 3.5. Once downloaded you can use it from the command line like so: signtool sign /a MyFile.exe This signs a single executable, using the “best certificate” available. (If you have no certificate, it … Read more

Using openssl to get the certificate from a server

With SNI If the remote server is using SNI (that is, sharing multiple SSL hosts on a single IP address) you will need to send the correct hostname in order to get the right certificate. openssl s_client -showcerts -servername www.example.com -connect www.example.com:443 </dev/null Without SNI If the remote server is not using SNI, then you … Read more

How to get APK signing signature?

You can access the APK’s signing signature like this using the PackageManager class http://developer.android.com/reference/android/content/pm/PackageManager.html Signature[] sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures; for (Signature sig : sigs) { Trace.i(“MyApp”, “Signature hashcode : ” + sig.hashCode()); } I’ve used this to compare with the hashcode for my debug key, as a way to identify whether the APK is a … Read more