I have followed the instructions for creating an x509 cert; however, after uploading the cert, I get:
Your x.509 certificate is invalid. Please upload a new certificate
Anyone seeing the same?
Can you please provide more details about your certificate:
1) Was it a valid X.509 certificate, base64 encoded (PEM) format with 1024 bytes key size?
Also the link you posted is incorrect for the documentation. It is here:
Create X509 Certificate
2) Is the error occurring at the time of uploading the cert or at the time of registering (clicking on the submit button)?
You can always just export the public key only from the PEM and upload that.
You would need to submit a support ticket for us to investigate your cert as we would need to take a look at it.
I have followed the .Net self sign instructions with no issues. However, others have had issues with PEM. Follow them to the letter, or like I said, export the pub cert as text. That should work.
regards,
Jarred
Related
I have a DSC token. I'm aware that they can be signing only, or they can be signing and encryption. How do I check?
KeyUsageFlag for X509 certificate is a bitwise flag.
Please refer: X509KeyUsageFlags Enum
There can be a single certificate with both flags set (addition of values for DigitalSignature and KeyEncipherment), i.e. 128 + 32, or two different certificates. This depends on how the Certifying Authority chooses to issue the certificate.
How do I check?
Method 1: You must have the Smartcard or USB Token driver installed, which pushes the certificates in the token to the Windows Certificate Store on inserting the token. Then run certmgr.msc to open Certificate Manager; go to Personal Certificates, double click the required certificate to open the Certificate Details and check the Key Usage property in the Details tab. Values displayed here are in hex, like: Digital Signature (80)
Method 2:
You may filter on key values and check as above.
Install Signer.Digital Browser Extension as described here
Once Extension is installed and available in the browser, open any site so that browser loads extension script and execute below commands from the console of the browser
SignerDigital.getSelectedCertificate("", 32) - to list only Encryption Certificates
SignerDigital.getSelectedCertificate("", 128) - to list only DigitalSignature Certificates.
Here 32 and 128 are X509KeyUsageFilter values as discussed above.
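As an added illustration (not part of the original answer), the sketch below decodes the DER BIT STRING of a keyUsage extension into the numeric X509KeyUsageFlags value discussed above and reports whether the certificate is for signing, encryption, or both. The function names and the sample bytes are assumptions constructed for this example.

```javascript
// Added example. Flag values follow .NET's X509KeyUsageFlags enum.
const KEY_USAGE_FLAGS = {
  EncipherOnly: 0x0001, CrlSign: 0x0002, KeyCertSign: 0x0004,
  KeyAgreement: 0x0008, DataEncipherment: 0x0010, KeyEncipherment: 0x0020,
  NonRepudiation: 0x0040, DigitalSignature: 0x0080, DecipherOnly: 0x8000,
};

// Hypothetical helper: turn the keyUsage BIT STRING (for example
// 03 02 05 A0) into the numeric flag value.
function keyUsageFromDer(der) {
  const bytes = Array.from(der);
  if (bytes.length < 4 || bytes[0] !== 0x03) throw new Error("not a DER BIT STRING");
  const len = bytes[1];
  if (len < 2 || len > 3 || bytes.length !== 2 + len) throw new Error("unexpected keyUsage length");
  const unused = bytes[2];
  if (unused > 7) throw new Error("invalid unused-bit count");
  const content = bytes.slice(3);
  content[content.length - 1] &= (0xff << unused) & 0xff; // drop padding bits
  // First content byte holds bits 0-7 (0x80 = digitalSignature);
  // the second byte, if present, holds decipherOnly (0x8000).
  return content[0] | ((content[1] || 0) << 8);
}

function flagNames(value) {
  return Object.entries(KEY_USAGE_FLAGS)
    .filter(([, bit]) => (value & bit) !== 0)
    .map(([name]) => name);
}

function classify(value) {
  const signing = (value & KEY_USAGE_FLAGS.DigitalSignature) !== 0;
  const encryption = (value & KEY_USAGE_FLAGS.KeyEncipherment) !== 0;
  if (signing && encryption) return "signing and encryption";
  if (signing) return "signing only";
  if (encryption) return "encryption only";
  return "neither";
}

// Constructed sample: digitalSignature + keyEncipherment (0xA0 = 128 + 32).
const sample = Buffer.from([0x03, 0x02, 0x05, 0xa0]);
const value = keyUsageFromDer(sample);
console.log(value, flagNames(value).join(", "), "->", classify(value));
```

The first content byte of the BIT STRING is the same hex value that certmgr shows in parentheses, which is why DigitalSignature (128) appears there as 80.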
I ONLY have a .crt file with me which I purchased from Comodo. No private key or anything. How can I use this to sign my code and get rid of the "publisher unknown" issue in my installer? I have used Inno-Setup for creating the installer too. Code is in C Sharp. I tried to use sign tool and openssl but I don't have any other file than this user.crt file. I can just get the .cer format using the .crt and that's all. Appreciate any help
Usually, you need to sign the application from the PC where you registered the Comodo certificate. The private key is saved by your browser in the local storage.
You cannot sign files with a public key only.
You need the private key.
If it were possible to sign files with a public key only, anyone could sign malicious content with your public key.
How to create Certificate Request for CVC certificate as like X.509 (PKCS#10) in Java to send as a certificates signing request to EJBCA Certificate Authority?
Thanks in advance
You can use the cert-cvc library, also open source. This is part of EJBCA and comes with sample code. You can find more information and download at the ejbca.org site.
We are following the below article for over the air enrollment and profile delivery feature
http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1
We were able to complete the steps in Phase 1 and Phase 2. Once the device acquires the certificate from the SCEP server (as part of phase 2), it sends the response back to the MDM server. This response is signed by the new certificate. The response consists of the signature, plist content and certificate in binary format. Ideally, we need to extract the public key from this certificate and use that to sign the configuration profile (.mobileconfig). However, we have difficulty extracting the certificate from the response. Looks like the certificate is corrupted somehow. We tried different encodings. But it didn't help :(
Has anyone successfully extracted the certificate in Phase #3?
Really appreciate any help in this regard.
Thanks
The response from the device is a DER-encoded SMIME string. You can use openssl smime to extract the public key.
If you are using C#, this can be accessed as part of the Pkcs library.
using System.Security.Cryptography.Pkcs;
...
// Get the data as a byte[]
var signer = new SignedCms();
signer.Decode(input);
// signer.Certificates[0] contains the cert
To extract the certificates you can use the openssl CLI:
openssl pkcs7 -print_certs -in requestFromDevice.p7s -inform DER
You can then easily parse the output using stdout.split('-----END CERTIFICATE-----') & stdout.split("\n") (in javascript).
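The parsing step mentioned above, as an added example that is not part of the original answer: it pulls each PEM block out of text shaped like `openssl pkcs7 -print_certs` output and checks that every body decodes to a DER SEQUENCE. The function name and the sample output (with placeholder base64 bodies) are constructed for illustration.

```javascript
// Added example: parses text shaped like `openssl pkcs7 -print_certs` output.
// SAMPLE_OUTPUT is constructed; its base64 bodies are placeholders,
// not real certificates.
const SAMPLE_OUTPUT = [
  "subject=CN = constructed-device",
  "issuer=CN = constructed-ca",
  "-----BEGIN CERTIFICATE-----",
  "MIIBQ09OU1RSVUNURUQx",
  "-----END CERTIFICATE-----",
  "",
  "subject=CN = constructed-ca",
  "issuer=CN = constructed-ca",
  "-----BEGIN CERTIFICATE-----",
  "MIIBQ09OU1RSVUNURUQy",
  "-----END CERTIFICATE-----",
  "",
  "",
].join("\n");

// Optional subject/issuer lines, then one PEM certificate block.
const CERT_BLOCK = /(?:^subject=(.*)\r?\n)?(?:^issuer=.*\r?\n)?-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/gm;

// Hypothetical helper: returns [{ subject, der, pem }] for every block found.
function extractCertificates(stdout) {
  const certs = [];
  for (const m of stdout.matchAll(CERT_BLOCK)) {
    const b64 = m[2].replace(/\s+/g, "");
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) throw new Error("PEM body is not base64");
    const der = Buffer.from(b64, "base64");
    // A certificate is a DER SEQUENCE, so the first byte must be 0x30.
    if (der[0] !== 0x30) throw new Error("decoded block is not a DER SEQUENCE");
    const pem = "-----BEGIN CERTIFICATE-----\n" +
      der.toString("base64").match(/.{1,64}/g).join("\n") +
      "\n-----END CERTIFICATE-----\n";
    certs.push({ subject: m[1] ? m[1].trim() : null, der, pem });
  }
  return certs;
}

console.log(extractCertificates(SAMPLE_OUTPUT).map((c) => c.subject));
```

A plain split on the END marker also works, but it drops the marker from each piece and leaves a trailing empty piece plus the subject and issuer lines to clean up.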
I am trying to install a p12 certificate but it gives the below error:
"Unable to import an item"
"The content of this item cannot be retrieved".
The password is correct. But the certificate is not displayed under the "Keychain -> My Certificate" section.
Can anyone let me know what can be an issue?
One more thing, the certificate is there under the "Keychain -> Certificates" section. But there is no expand button.
When I get info for that certificate, it gives some extra information as below:
Extension: Certificate Authority Information Access
Critical: NO
Method #1: Online Certificate Status Protocol
URL: ocsp.apple.com/ocsp-wwdr01
Can anyone help me on this?
Thanks.
In response to your comments...
...leave the settings default. I encountered this issue before. I ended up revoking all related certificates & private keys and re-requesting the certificate with a new key & certificate signing request (CSR).