pkcs12 – WindowsTechs.com

How to create a pkcs12 store where the private key is encrypted with a different password than the store itself?

Posted on February 16, 2024 by user304589

Basically, as the title says.
Neither keytool nor openssl allow that.
EDIT: apparently, pkcs12 doesn’t support that. So, use JKS, which you can easily create with keytool.

Continue reading How to create a pkcs12 store where the private key is encrypted with a different password than the store itself?→

What’s the difference between DER and PKCS#12 formats? [closed]

Posted on October 9, 2023 by daego

Both are binary files and both can store digital certificates and private keys.

Continue reading What’s the difference between DER and PKCS#12 formats? [closed]→

How to handle KB5025823 X509 changes correctly?

Posted on June 27, 2023 by Francis Ducharme

According this change here, .NET Core will handle imports of X509 certificates differently.
Using .NET 6, for the value of System.Security.Cryptography.Pkcs12UnspecifiedPasswordIterationLimit, we either have to specify -1 to ignore this ch… Continue reading How to handle KB5025823 X509 changes correctly?→

how to create truststore and keystore

Posted on June 12, 2023 by ethicalhacker

I created a root CA and intermediate CA, and then created a server CA certificate signed by the intermediate CA. The purpose of whole that is for a TLS one way encryption between a java thin client and a server.
Please find the commands be… Continue reading how to create truststore and keystore→

Help understanding PKI MTLS and digital signature architecture

Posted on November 11, 2022 by user3677636

I’m building an identity service using PKI and MTLS for authentication where users are supposed to be able to sign data e.g. a json string or a document.
Where I am now
I have implemented working MTLS using AWS ACM PCA as Private CA and KM… Continue reading Help understanding PKI MTLS and digital signature architecture→

Can/should a x509 client auth certificate be used to sign data?

Posted on November 10, 2022 by user3677636

I’m building an identity service and have successfully managed to implement MTLS authentication using x509 client certificates to identify the user.
However, we also want the user to be able to sign some data.
At the moment we’re signing t… Continue reading Can/should a x509 client auth certificate be used to sign data?→

Do I need different certificates for MTLS and Signing data?

Posted on November 10, 2022 by user3677636

I’m building an identity service using PKI and MTLS for authentication.
I use AWS ACM PCA for private certificate authority and AWS KMS for key pairs. I use the private key created by KMS to sign the Certificate Signing Request that’s sent… Continue reading Do I need different certificates for MTLS and Signing data?→

How to create PKCS12 container with no password

Posted on October 28, 2022 by matoro

I have set up 802.1x authentication on my wireless network with EAP-TLS. The use case here is that I would like the presence of a certificate to be both necessary and sufficient for connecting to the network. The condition is that there … Continue reading How to create PKCS12 container with no password→

Strange keystore from payment processor

Posted on October 14, 2021 by maple_shaft

I am working on an older software for a company at the moment and in my work have been upgrading a number of libraries. The app connects to a web service hosted by the third party payment processor, and in doing so it must create a digital… Continue reading Strange keystore from payment processor→

Private key differs when creating a pfx container and then extracting it from it

Posted on September 24, 2021 by thanosam

Assuming a private_key.pem and the associated certificate client_cert.pem signed by CA (CSR signed with private_key.pem).
Next, I create the pfx container with:
# create pfx with private_key.pem and client_certificate.pem
openssl pkcs12 -e… Continue reading Private key differs when creating a pfx container and then extracting it from it→