I got only .cer format certificate from the OWASP ZAP 2.5.0 but the curl which I am using as CLI browser requires .key and/or .pem formats as well. How can I obtain that as I have only cer file.
Related
I created a certificate through GoDaddy. I need to create a pfx or p12 certificate in order to sign it in a windows executable. I followed GoDaddy's instructions from this link, but I was unable to generate the pfx file. I have .spc and .pem files and I want to generate a pfx file. could you help me?
I wanted to know if there is a way to sign CSR with the Java security library. We are trying to avoid to use Bouncy Castle library. We don't wont any additional dependency in our project.
Our CSR, CA private and pulic key are in PEM format.
Regards,
There is no standard Java API to do that. However, you can use the -certreq option of the keytool utility to create CSRs using private keys stored in a keystore.
I have published a basic unsigned windows form application using ClickOnce on Visual Studio. I took the .exe file and .exe.config file and moved it to a folder on my desktop. I signed the .exe file with a legitimate digiCert signing tool, and I created the application manifest and deployment manifest using MageUI and signed it with the same signing tool. I moved all the files to the FTP server that I want the users to download from. When I enter the URL in the browser everything works fine, but it prompts me to Install, and it says that the Publisher is Unknown. After I click install, the app runs as it should.
Also, I have already added my certificate to the Trusted Publisher store, and verified that the issuer of my certificate is in the Intermediate Certification Authority store, and their issuer is in the Root Certification Authority Store.
I have also opened the deployment and application manifest using notepad, and can see my signature on them, and I can see that my .exe file is signed by right clicking on it and selecting properties, then the signature tab.
I have followed the Steps outlined in this site: https://robindotnet.wordpress.com/2013/02/24/windows-8-and-clickonce-the-definitive-answer-2/
I used the : "#1: Signing the application executable post-publish." steps.
So my main question is why is it saying that the publisher is Unknown when I download and run the .application file?
Note: that the SmartScreen filter is not picking up my app as being unsafe
I have (sadly) the same problem.
Microsoft doesn't accept anymore the SHA-1 certificate since 1. january 2016:
Windows Enforcement of Autheticode:
Code Signing Certificates: Windows will no longer trust files with the Mark of the Web attribute that are signed with a SHA-1 code signing certificate and are timestamped after 1/1/2016. With the exception of issuing certificates to developers who intend to develop only applications for Windows Vista, Windows Server 2008, CAs may not issue new SHA-1 code signing certificates after January 1, 2016.
I tried to sign with a SHA256 hash and with a SHA2 timestamp certificate but this is not enough. What I can't understand is why an unsigned exe is threated as more secure as a signed SHA1 exe in smartscreen!
The other answer tells you what's going on, and here's what's working for me. I pivoted another's work for my CI pipeline, but the script can be used in any capacity:
https://github.com/erikest/SignClickOnce
The security API's on iOS only seem to cover extracting certain parts of the certificate.
Has anyone used openSSL or asn1c to allow the retrieval of Extensions, Policies etc from the certificate bytes?
Yes, you can use openSSL to parse a certificate, but it is not a easy job, since the lack of openSSL iOS docs.
First, you need the openSSL lib for iOS, and use openSSL to generate x509 cert. Then use the method in the openSSL to try to parse it.
Here is an example of how to extract UPN from a certificate extension (I answered myself). It works fine by now. Other element is similar to fetch.
I am trying to convert my apns cert to p12 so i can use it with .net
http://code.google.com/p/apns-sharp/wiki/HowToCreatePKCS12Certificate