logo
down
shadow

ASP.NET Web API with x509 security certificate


ASP.NET Web API with x509 security certificate

By : Federico Giovannini
Date : November 27 2020, 01:01 AM
like below fixes the issue There are some "prerequisites" to work with SSL that is:
Setting up IIS to work with the SSL
code :


Share : facebook icon twitter icon
Error when creating Server Certificate - X509 Certificate Based Authentication in IBM Worklight 6.2

Error when creating Server Certificate - X509 Certificate Based Authentication in IBM Worklight 6.2


By : jdiotte
Date : March 29 2020, 07:55 AM
should help you out The second error appears because the Root CA certificate failed to be properly generated, so it is saying that it could not find a trusted certificate for it, so after you fix the first error the other ones should work.
The first error happens because something is missing in your openssl.cnf file. In your configuration, you have to specify which fields are optional for you and which are required. As shown in slide 18 in the User Certificate Authentication Getting started guide, you specify each one in the policy_match section like this:
code :
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
Java Security - X509 Certificate Verification with Public Key

Java Security - X509 Certificate Verification with Public Key


By : oldirtybo
Date : March 29 2020, 07:55 AM
fixed the issue. Will look into that further Typical PKI systems use Certificate Authorities to issue certificates to subjects (by signing them). By signing Certificate Authority forms a chain from the CA to the subject's certificate, this chain can contain multiple CA's if CA1 (root CA) sings CA2's (intermediate CA) certificate which in turn sings the subject's certificate. This is very common on the Internet (for SSL/TLS) and in digital signature scenarios.
So you most likely need at least one CA's certificate and it's public key to verify the subject's certificate. Your program can support multiple independent CA's as well. The CA's your program accepts are usually called Trust Anchors. Keeping the Trust Anchors in a KeyStore is also very convenient.
code :
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

final X509Certificate certificateToCheck = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));

final KeyStore trustStore = KeyStore.getInstance("JKS");
InputStream keyStoreStream = ...
trustStore.load(keyStoreStrem, "your password".toCharArray());

final CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
final X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(certificateToCheck);

final CertPathParameters certPathParameters = new PKIXBuilderParameters(trustStore, certSelector);
final CertPathBuilderResult certPathBuilderResult = certPathBuilder.build(certPathParameters);
final CertPath certPath = certPathBuilderResult.getCertPath();

final CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
final PKIXParameters validationParameters = new PKIXParameters(trustStore);
validationParameters.setRevocationEnabled(true); // if you want to check CRL
final X509CertSelector keyUsageSelector = new X509CertSelector();
keyUsageSelector.setKeyUsage(new boolean[] { true, false, true }); // to check digitalSignature and keyEncipherment bits
validationParameters.setTargetCertConstraints(keyUsageSelector);
final PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) certPathValidator.validate(certPath, validationParameters);

System.out.println(result);
Try to run the azure-iot-sdk-java provisioning-x509-sample with an own x509-certificate

Try to run the azure-iot-sdk-java provisioning-x509-sample with an own x509-certificate


By : scott.krieger
Date : March 29 2020, 07:55 AM
it fixes the issue DPS only supports TLS 1.2. TLS connections from older versions will be rejected.
How to get the certificate into the X509 filter (Spring Security)?

How to get the certificate into the X509 filter (Spring Security)?


By : user3784791
Date : March 29 2020, 07:55 AM
like below fixes the issue No you can't get it that way. You need to grab it from the HttpServletRequest:
Check X509 certificate revocation status in Spring-Security before authenticating

Check X509 certificate revocation status in Spring-Security before authenticating


By : Benjamin
Date : March 29 2020, 07:55 AM
I hope this helps . I'm not sure about the specifics of Spring-Security, but if it's based on the trustmanagers of the JRE (if if it's the Oracle/Sun JRE), you can activate CRL checks by setting these system properties to true: com.sun.net.ssl.checkRevocation and com.sun.security.enableCRLDP, and setting Security.setProperty("ocsp.enable", "true") (thanks to @WillSargent for pointing out it's a Security property, not a system one).
More details here:
Related Posts Related Posts :
  • Retrieve DropDownList value in RowUpdating event asp.net
  • Microsoft.Web.Infrastructure.dll pain
  • Replace NULL in querystring asp.net
  • Exception after installing ASP.NET Route Debugger
  • Web API httpget with many parameters
  • How to hard code a select list from a value?
  • Passing parameter to telerik popup
  • ASP.NET get cell from DataRow in a datatable?
  • how can I use a Microsoft Account to authenticate to my website
  • Unable to start debugging on the web server. Unable to connect to the webserver
  • Not able to connect to cube
  • PDF creation using itextsharp is not working in client's server
  • Date field does not display the value in Chrome browser
  • Get Text of Hyperlink which is sitting inside template field in a gridview
  • how to scale image in email body?
  • FormAuthentication not working
  • Using Entity Framework constructors in derived classes
  • Code first database not being created from model
  • Loading external DLL into WinDBG
  • Pass JSON data to strongly typed partial view in ASP.NET
  • ASP.NET MVC 4 Application w/ Areas apps suffering horrible render times
  • view sections cause problems if not rendered in layout
  • Modifying code in a website on IIS
  • Autofac and WebAPI - Default constructor error
  • RouteConfig triggers 500 error when refreshing page
  • Is it possible to change the query string value
  • MetroUI buttoon server side Click Event
  • Change default idseparator in .Net 3.5?
  • Placing DataBound Drop Down List into TableCell
  • MVC 5 AspNet Identity - Value cannot be null. Parameter name: source
  • Save the value of Dynamically created textbox
  • asp.net identity membership saving both email and username for a user
  • IIS Manager Error
  • Grid dont have data Kendo UI and AngularJS in ASP.NET MVC
  • Project stops working after installing signalr
  • While querying with linq , Max function retrieves upto '9' if more than 9 values in the list
  • shadow
    Privacy Policy - Terms - Contact Us © ourworld-yourmove.org