How do I do TLS with BouncyCastle?

This is a very basic example, with server-only authentication and self-signed cert. The code is based on BC 1.49, mostly leightweight API: ServerSocket serverSocket = new ServerSocket(SERVER_PORT); final KeyPair keyPair = … final Certificate bcCert = new Certificate(new org.spongycastle.asn1.x509.Certificate[] { new X509V3CertificateStrategy().selfSignedCertificateHolder(keyPair).toASN1Structure()}); while (true) { Socket socket = serverSocket.accept(); TlsServerProtocol tlsServerProtocol = new TlsServerProtocol( socket.getInputStream(), … Read more

This certificate has an invalid issuer : Keychain marks all certificates as “Invalid Issuer” [duplicate]

In Keychain access, -> View -> Show Expired Certificates, then in your login keychain click on expired certificate and delete it. I also had the same expired certificate in my System keychain, so I deleted it from there too. -> After deleting the expired cert from the login and System keychains,download certificate from below link … Read more

Web Browser Certificate Enrollment (CSR Generation) and Certificate Download to Smartcard or USB Token

Disclosure: I work for CISPL, Co. which develops Signer.Digital Browser Extension Browser Extension may be used to Enroll Certificate (Generate CSR) and Download Certificate in Windows Certificate Store or Smartcard or USB Token from modern browsers. Browser extension provides JavaScript API which in turn talks to host application running on local machine to do the … Read more

How to force older debian to forget about DST Root CA X3 Expiration and use ISRG Root X1 – SSL certificate problem: certificate has expired

disclaimer; I’m no security expert (I know things, but you do you). Make sure you understand what you do before applying whatever fix shared here Fix by upgrading your instances Upgrade your instances. This problem won’t happen on debian 9 or higher. In the following example, I had this problem on a ruby:2.4.1 docker image … Read more