I have a local setup of Open SSL. For every certificate request i create a ...cert.pem and ...pfx file.
I need open the cert.pem and the pfx to read the below data
1) Certificate serial id
2) Expiry date
3) Validity date
Is there some API that can help me do this?
You can read PFX (PKCS#12) certificates using JDK API without BouncyCastle:
KeyStore ks = KeyStore.getInstance("pkcs12", "SunJSSE");
ks.load(new FileInputStream("foo.pfx"), "passwd".toCharArray());
X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
...
For reading PEM files see this SO answer
Related
I'm having trouble understanding how to get/generate a private key for some certificates I requested.
I've created a CSR using the DigiCert Certificate Utility for Windows, which gave me a csr.txt file as an output but no .key file.
Then I proceeded to request the certificates by inserting the above mentioned CSR in the Certificate Management portal of my company.
Now I have received the p7b files and the related CSRs, but no private keys: is it possible to generate it now?
Thanks in advance,
Tommaso
Use the import function of the DigiCert Certificate Utility for Windows. The key is stored on software in the machine where the CSR was created. After the import the key and the certificate are associated and should be in the Windows certificate Store. If the key was generated with the exportable flag, you can export a PKCS#12 and convert that to a key file using openSSL.
A little bit of context:
I used to generate CSRs from IIS "Create certificate request", import that in my provider (GoDaddy) and get a .crt in return. Then I used to go again to IIS to "Complete certificate request" and generate the .pfx
I want to automate this process as much as possible including importing the CSR to GoDaddy and downloading the .crt file.
Right now I was able to automate the CSR creation with certreq.exe but note sure how to complete the request using powershell to create the .pfx when I have the .crt file from GoDaddy. I know I can do it with openssl but I'm missing the private key.
I think when I create the CSR request with certreq.exe, it generates the .pfx on "MMC > Certificate Enrollment Requests" which has the private key so I was wondering if every time I request the CSR, I have to export that .pfx and with openssl extract the private key to use it with my.crt file from GoDaddy?
Hopefully I was able to explain correctly what I'm trying to accomplish and somebody can help me with this.
I have followed the instruction for creating x509 cert, however, after uploading the cert, i get
Your x.509 certificate is invalid. Please upload a new certificate
Anyone seeing the same?
Can you please provide more details about your certificate:
1) Was it a valid X.509 certificate, base64 encoded ( PEM ) format with 1024 bytes key size ?
Also the link you posted is incorrect for the documentation. It is here :
Create X509 Certificate
2) Is the error occuring at the time of uploading CERT or at the time of registering ( clicking on the submit button ) ?
You can always just export the public key only from the PEM and upload that.
You would need to submit a support ticket for us to investigate your cert as we would need to take a look at it.
I have followed the .Net self sign instructions with no issues. However others have had issues with PEM. Follow them to the letter, or like I said export the pub cert as text. that should work.
regards,
Jarred
I purchased a wildcard certificate from GoDaddy and I want to associate this certificate with a website on AppHarbor.
AppHarbor only allows me to upload a PFX certificate. So, how do I convert a .CRT to a .PFX?
If the contents of the .CRT files is a base-64 encoded certificate and it starts with BEGIN CERTIFICATE, you can dispense with the .pfx file and use keypair certificate entry method on AppHarbor.
PFX is the private information exchange format (Windows calls them like this) and is actually the PKCS12 keystore.
All you have to do is import the certificate in your keystore that already has your private key and use that. You don't need to transform the certificate
We are following the below article for over the air enrollment and profile delivery feature
http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1
We could able to complete steps in Phase 1 and Phase 2. Once the device acquires the certificate from SCEP server(as part of phase 2), it sends the response back to the MDM server. This response is signed by the new certificate.The response consists of signature, plist content and certificate in binary format. Ideally, we need to extract the public key from this certificate and use that to sign the configuration profile (.mobileconfig). However we have difficulty extracting the certificate from the response. Looks like the certificate is corrupted somehow. We tried different encodings. But it didn't help :(
Has anyone successfully extracted the certificate in Phase #3.
Really appreciate any help in this regard.
Thanks
The response from the device is a DER-encoded SMIME string. You can use openssl smime to extract the public key.
if you are using C#, this can be accessed as part of the Pkcs library.
using System.Security.Cryptography.Pkcs
...
//get the data as a byte[]
var signer = new SignedCms();
signer.Decode(input)
//signer.Certificates[0] contains the cert
To extract the certificates you can use openssl cli :
openssl pkcs7 -print_certs -in requestFromDevice.p7s -inform DER
You can then easily parse the output using stdout.split('-----END CERTIFICATE-----') & stdout.split("\n") (in javascript).