You need to change the type of the keystore, from BKS to BKS-v1 (BKS-v1 is an older version of BKS). Because the BKS version changed as said here There is another solution, that is much much easier: Using Portecle: Downloads Portecle http://portecle.sourceforge.net/ Open your bks file with the password and portecle Do Tools>>Change Keystore Type>>BKS-v1 … Read more
Here is an alternative way that doesn’t override the existing certificates: [bash fragment for linux systems] certificateFile=”MyCa.cert.pem” certificateName=”MyCA Name” for certDB in $(find ~/.mozilla* ~/.thunderbird -name “cert8.db”) do certDir=$(dirname ${certDB}); #log “mozilla certificate” “install ‘${certificateName}’ in ${certDir}” certutil -A -n “${certificateName}” -t “TCu,Cuw,Tuw” -i ${certificateFile} -d ${certDir} done You may find certutil in the libnss3-tools … Read more
You must subclass and override one or more functions. class MyWebClient : WebClient { protected override WebRequest GetWebRequest(Uri address) { HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address); request.ClientCertificates.Add(new X509Certificate()); return request; } }
Put your domain name here: https://www.ssllabs.com/ssltest/analyze.html You should be able to see if there are any issues with your ssl certificate chain. I am guessing that you have SSL chain issues. A short description of the problem is that there’s actually a list of certificates on your server (and not only one) and these need … Read more
With openssl: openssl x509 -enddate -noout -in file.pem The output is on the form: notAfter=Nov 3 22:23:50 2014 GMT Also see MikeW’s answer for how to easily check whether the certificate has expired or not, or whether it will within a certain time period, without having to parse the date above.
Try using following command. I haven’t tried it but I think it should work. openssl pkcs8 -topk8 -inform PEM -outform DER -in filename -out filename -nocrypt
The general procedure to issue certificates in a Public Key Infrastructure is more or less the following: the client generates a key pair, private and public the client generates a CSR (Certificate Signing Request) including attributes like Common Name and the Public Key. Signs it with the private key and sends it to the server … Read more
I believe that this is correct: using (X509Store store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine)) { store.Open(OpenFlags.ReadWrite); store.Add(cert); //where cert is an X509Certificate object }
Use the /d command line argument with the required program name when executing signtool to sign the msi. It appears that the windows installer creates a temporary copy of the msi file and assigns it a generated name before running it. If you don’t use /d with signtool, you get to see the temporary filename … Read more
Using JDK 1.6 or later It has been pointed out by Justin in the comments below that keytool alone is capable of doing this using the following command (although only in JDK 1.6 and later): keytool -importkeystore -srckeystore mypfxfile.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype JKS Using JDK 1.5 or below OpenSSL can do it all. … Read more