In case you are in need of knowing how to extract this information from the certificate in your iOS code, here you have one way to do it. First of all add the security framework. #import <Security/Security.h> The add the openssl libraries. You can download them from https://github.com/st3fan/ios-openssl #import <openssl/x509.h> The NSURLConnectionDelegate Protocol allows you … Read more
You can extract a private key from a keystore with Java6 and OpenSSL. This all depends on the fact that both Java and OpenSSL support PKCS#12-formatted keystores. To do the extraction, you first use keytool to convert to the standard format. Make sure you use the same password for both files (private key password, not … Read more
After some searching and trawling through some old stackoverflow questions I’ve found a solution in a previously asked SO question: Question: Java client certificates over HTTPS/SSL Answer Java client certificates over HTTPS/SSL Here’s the code that I ended up using. // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new … Read more
File extensions for cryptographic certificates aren’t really as standardized as you’d expect. Windows by default treats double-clicking a .crt file as a request to import the certificate into the Windows Root Certificate store, but treats a .cer file as a request just to view the certificate. So, they’re different in the sense that Windows has … Read more
This could happen if you are not running the command prompt in administrator mode. If you are using windows 7, you can go to run, type cmd and hit Ctrl+Shift+enter. This will open the command prompt in administrator mode. If not, you can also go to start -> all programs -> accessories -> right click … Read more
Please refer this answer for your reference. No need of passing any VM arguments after you successfully installed certificate of the site which is giving you PKIX error! But key is to find JRE which is giving you this error! So make sure about 2 things: you install certificate to cacerts file of JRE which … Read more
Step 1: Generating a self-signed certificate: I downloaded the Certificate.cs class posted by Doug Cook I used this code to generate a .pfx certificate file: byte[] c = Certificate.CreateSelfSignCertificatePfx( “CN=yourhostname.com”, //host name DateTime.Parse(“2000-01-01”), //not valid before DateTime.Parse(“2010-01-01”), //not valid after “mypassword”); //password to encrypt key file using (BinaryWriter binWriter = new BinaryWriter( File.Open(@”testcert.pfx”, FileMode.Create))) { … Read more
There are few ways to tackle this. Option 1: I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to: $config[‘base_url’] = “http://www.yoursite.com/”; or $config[‘base_url’] = “https://www.yoursite.com/”; Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site: RedirectPermanent … Read more
A CA certificate is a digital certificate issued by a certificate authority (CA), so SSL clients (such as web browsers) can use it to verify the SSL certificates sign by this CA. For example, stackoverflow.com uses Let’s Encrypt to sign its servers, and SSL certificates sent by stackoverflow.com mention they are signed by Let’s Encrypt. … Read more
I put together this test app to reproduce the issue using the HTTP testing framework from the Apache HttpClient package: ClassLoader cl = HCTest.class.getClassLoader(); URL url = cl.getResource(“test.keystore”); KeyStore keystore = KeyStore.getInstance(“jks”); char[] pwd = “nopassword”.toCharArray(); keystore.load(url.openStream(), pwd); TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keystore); TrustManager[] tm = tmf.getTrustManagers(); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, pwd); … Read more