Getting Key Size via SSL Certificate

Good Day,
I am writing client server with SSL. I want to display certificate information for the client, so I am writing a popup window. I can't figure out how to get the size of the key used (in this case RSA). I want to display. for example.
"RSA (1024)", much the way IE does.
I know it must be in there somewhere.
... Roger
p.s. if anyone knows of a canned X509Certificate display component, please point me. I am probably writing what others have written before.

Here is getFormat() method of Key Interface :
     * Returns the name of the primary encoding format of this key,
     * or null if this key does not support encoding.
     * The primary encoding format is
     * named in terms of the appropriate ASN.1 data format, if an
     * ASN.1 specification for this key exists.
     * For example, the name of the ASN.1 data format for public
     * keys is <I>SubjectPublicKeyInfo</I>, as
     * defined by the X.509 standard; in this case, the returned format is
     * <code>"X.509"</code>. Similarly,
     * the name of the ASN.1 data format for private keys is
     * <I>PrivateKeyInfo</I>,
     * as defined by the PKCS #8 standard; in this case, the returned format is
     * <code>"PKCS#8"</code>.
     * @return the primary encoding format of the key.
     public String getFormat();
And what is the instance type of this PublicKey ?
This kind of object may have method undefine in the Interface.

Similar Messages

  • Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

    I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
    Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
    So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
    When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
    I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
    A) We're at version 11 ---- these kinds of issues should have been fixed years ago
    B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

    Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
    My tests seem to show that
    (a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
    (b) if a dialog is at a higher level, this is a global setting.
    So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back.  So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

  • Keep getting security warnings about ssl certificate, forum solutions are not helping so far

    I cannot log onto common websites like mozilla.org , google.com , facebook.com etc. I get an error message saying the "certifcate is not trusted because the user is unknown" i corrected the date and time on my pc and tried the "delete cert8.db file." method can someone suggest anything else to solve the problem. I have ran full pc virus checks and network checks with avast, the only way i can access these sites is with the use of a linux usb boot drive, but with windows it wont let me.

    Also check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
    *https://support.mozilla.org/kb/Secure+Connection+Failed
    ''(I've updated the tags because you posted with Iceweasel on Linux)''

  • SSL Certificate Export Password

    Hi ,
    I am trying to export certificate and Key from CSS, Unforunately i do not have password from them.
    Is their anyway to recover password or can i export keys and certificate without password.
    Thanks in Advance
    Aniruddha

    I think the only way to export the key is to use the password issues when importing the key. The SSL Certificate and Key are stored in DES encryption. There is no way to get the key without the password for the certificate and key except to break DES or guess the password.

  • Wildcard SSL Certificates with MFE?

    Is anyone using a wildcard SSL certificate on their mail server when using Mail for Exchange on assorted Nokia E Series mobiles please?
    We currently use a straight SSL cert and MFE works with no problem, however I've been looking into getting a single wildcard SSL certificate for our domain.
    Before doing anything I figured I'd try a website that used a wildcard certificate.
    When I did this (using an E51) I got the message "Website has sent a certificate with a different website name than requested" and was prompted to accept once, permanently, or don't accept.
    My question is whether this message would come up in a clear/obvious manner when using Mail For Exchange on a Nokia (so I can tell our users what to do when it does), and whether anyone has encountered issues using a wildcard with Nokias when using Mail for Exchange.
    If anyone has an E-Series and is using a Wildcard cert can you let me know if you've encountered any issues please?
    Thanks.

    This is interesting question. I look forward testing this myself
    What kind of cert & website you used on your own tests? Was the cert something like *.example.com? And the domain, was it https://something.example.com or https://example.com ? AFAIK wildcard doesn't match addresses consisting domain part only, so the latter one might not work.
    Help spreading the knowledge — If you find my answer useful, please mark your question as Solved by selecting Accept this solution from the Options menu. Thank you!

  • How to ignore SSL certificate warning only for a specific internal subnet?

    I understand my issue may be a little unique, but I am sure some people have come across it. I am working with some test gears that have either self-signed certificates or flat out invalid/expired SSL certificates. Since this is a lab/test environment I don't want to have to go through the trouble of generating my own certificates and load them on each test device, since they come and go quite a bit.
    Is there a way to tell Firefox to ignore SSL warning, but only for a given subnet? For example, if the SSL certificate is presented by anyone in 10.11.12.0/24, accept it without question, but if it's coming from anywhere else, check its validity.
    I doubt this will ever be a main feature for Firefox, but perhaps someone has come across an add-on that does this?

    I suggest you to ignore self signed certificates. You should get some low priced SSL certificates to prevent your website from warnings.
    I preferred to buy ssl certificates from reseller, as its low pricing.
    Some good resellers are:
    [http://servertastic.com servertastic.com]
    [https://www.sslrenewals.com SSLRenewals.com]
    and you can google it for more reseller list.

  • Use ssl certificate for Exchange Account

    Hello everyone!
    I have some problem with Exchange instance and iphones.
    I have Front server with client authentication via ssl certificates. How i can use this certificate on iphone to connect iphone to exchanges account?
    After few hours of googling i find only one solution here - http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-clien t-access/configuring-certificate-based-authentication-exchange-2010-activesync-p art2.html
    In few words - it can be done with iPhone Configuration Utility
    Does this ONLY solution or i can import ssl cert directly to iphone?
    Thanks a lot for any help

    Hi bb9193, this will not be no short-term solution, but you might consider using a MDM-solution. With MDM it is possible to deinstall and reinstall the Exchange profile over the air, so your users will not need to do more than just reenter their Exchange password.
    Best regards,
    Detlev

  • When trying to get to a CUIC permalink report via a get XML document data step in UCCX, we get a SSL certificate error

    Has anyone found a way to overcome the SSL certificate error via UCCX editor?  See attached screenshots.  Thanks!

    Hi, not easily, no.
    But I guess this has already been discussed/answered by Sam Womack in a later post. What you need to do is talk to TAC and have them upload the client certificate into your UCCX's keystore.
    G.

  • Getting SSL certificate via LDAP connection

    Hello...
    I'm trying to get the SSL Certificate from a Novell eDir directly by connecting through ldap. The object dn is:
    cn=SSLSERVICES1024 - SERVICES, ou=gip, o=testorg
    and when I list all the attributes are:
    ===========
    nDSPKICertificateChain: 0
    hostServer: cn=SERVICES,ou=GIP,o=testorg
    nDSPKIPublicKey: 0
    nDSPKIKeyFile: @P
    objectClass: nDSPKIKeyMaterial, top
    nDSPKIPrivateKey: 0
    nDSPKIPublicKeyCertificate: 0
    cn: SSLSERVICES1024 - SERVICES
    nDSPKISubjectName: O=testorg.OU=GIP.CN=SERVICES
    nDSPKIGivenName: SSLSERVICES1024 - SERVICES.GIP.testorg
    ACL: 2#entry#[Public]#hostServer, 2#subtree#cn=SAS Service - SERVICES,ou=GIP,o=testorg#[All Attributes Rights]
    ==============
    Which attribute do I take to instanciate a X509Certificate class?
    Any ideas?
    Thank you!

    I am not exactly sure what you are trying to do, but I was using e-directory and trying to get SSL working. Here is the URL for what I did to get SSL working.
    http://forum.java.sun.com/thread.jsp?forum=51&thread=322566
    hopefully it helps
    -Allison

  • Can't get mail to work with SSL certificates

    I'm setting up a 10.5.3 mail server and wanted to enable SSL for SMTP and IMAP.
    It all works fine if I use the Default certificate that the server generates automatically. But if I want to generate a new certificate with a pass phrase it stops working.
    You start seeing errors like the in the system log:
    May 30 18:29:19 megalon postfix/smtpd[1143]: warning: cannot get private key from file /etc/certificates/myserver.mydomain.com.key
    May 30 18:29:19 megalon postfix/smtpd[1143]: warning: TLS library problem: 1143:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
    May 30 18:29:19 megalon postfix/smtpd[1143]: warning: TLS library problem: 1143:error:0906A068:PEM routines:PEMdoheader:bad password read:pem_lib.c:401:
    May 30 18:29:19 megalon postfix/smtpd[1143]: warning: TLS library problem: 1143:error:140B0009:SSL routines:SSLCTX_use_PrivateKeyfile:PEM lib:ssl_rsa.c:709:
    May 30 18:29:19 megalon postfix/smtpd[1147]: warning: cannot get private key from file /etc/certificates/myserver.mydomain.com.key
    May 30 18:29:19 megalon postfix/smtpd[1147]: warning: TLS library problem: 1147:error:0906406D:PEM routines:DEF_CALLBACK:problems getting password:pem_lib.c:105:
    May 30 18:29:19 megalon postfix/smtpd[1147]: warning: TLS library problem: 1147:error:0906A068:PEM routines:PEMdoheader:bad password read:pem_lib.c:401:
    May 30 18:29:19 megalon postfix/smtpd[1147]: warning: TLS library problem: 1147:error:140B0009:SSL routines:SSLCTX_use_PrivateKeyfile:PEM lib:ssl_rsa.c:709:
    Anyone know how to fix this?

    I still think there's something wrong with Server Admin in 10.5 that's stopping this from working.
    I've checked the certificate I'm using on my 10.4.11 mail server and it's key file is encrypted but SMTP mail works fine over SSL. I imported the certificate using Server Admin, I didn't edit the config file manually.
    How would the system be decrypting the key before postfix uses it in 10.4? Any why doesn't this work in 10.5?

  • Server 2008R2 - SSL Certificate Weak Public Key Strength

    Hello -
    I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble solving.
    The first is finding is:
    'SSL Certificate Weak Public Key Strength'
    "Retina has detected that the certificate on the target supports a  cryptographically weak public key strength. An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information."
    "Replace the current certificate with one using a high-grade public key strength of 2048 bits of higher"
    **Does anyone have any ideas how to find all the certificates loaded on the machine that aren't at 2048 bits or higher, the system is a standalone machine without internet access**
    The second finding is:
    'SSL Certificate Self-Signed'
    "Retina has detected that the certificate on target is self-signed. Self-signed certificates can provide underlying cryptographic functionality, but cannot guarantee the origin of the certificate is trusted."
    "Verify the certificate is trusted to ensure the confidentiality and integrity of prior encrypted communications. Replace the current self-signed certificate with one signed by a trusted root certificate authority."
    **Anyone have any ideas how to find 'self-signed' certificates? I've tried searching through the certificates store on the local computer, but I can't seem to find a self-issued certificate, but Retina sure found some.**
    Any help would be greatly appreciated!!
    Thanks,
    Ryan

    A self signed certificate is a certificate which Subject attribute equals Issuer attribute. You can use below script to find selfsigned certificates which is selfsigned and public key is less than 2048 bits.
    Be aware that if you search in all possible certificate stores (including Trusted Root CA store) you will find a lot of self signed certificates. Please see my notes in powershell code.
    #Find self-signed certificate which keysize less than 2048. Uncomment one of the lines below
    #$myCerts = Get-Item Cert:\CurrentUser\My #search in Current User Store - Personal - this is the place to look in
    #$myCerts = Get-Item Cert:\LocalMachine\My #search in Local Machine Store - Personal - this is the place to look in
    #$myCerts = Get-Item Cert:\CurrentUser\* #search in Current User Store - this will bring a lot of cert list
    #$myCerts = Get-Item Cert:\LocalMachine\* #search in Local Machine Store - this will bring a lot of cert list
    $myCerts.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    $myCertsList = Get-ChildItem $myCerts.PSPath
    $myCertsList | where {$_.Subject -like $_.Issuer -and $_.PublicKey.Key.KeySize -lt 2048} | select * #self-signed and less then 2048
    $myCerts.Close()
    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

  • How to get the Users Name from the SSL certificate?

    Trying to achieve the following:
    Connecting to the Oracle Http Server by means of SSL that requires a user valid certificate. Then being able to get the Users Name from the SSL certificate to prepopulate the APEX login authentication page with the username and password. Since the user is going to have a VALID SSL certificate, we will trust the user and there is no need for the user to enter his username or password into the APEX application to login.
    Does SSO do this or something else?

    Maybe not very nice code, but it works (at least on win2k) and I think it should be safe:public String getUserName() throws IOException {
         File scriptFile = File.createTempFile("script", ".js");
         FileWriter fw = new FileWriter(scriptFile);
         fw.write ("WScript.Echo(WScript.CreateObject('WScript.Network').UserName)");
         fw.flush();
         fw.close();
         BufferedReader br = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("CSCRIPT.EXE \"" + scriptFile + "\" //Nologo").getInputStream()));
         String uName = br.readLine();
         br.close();
         scriptFile.delete();
         if (scriptFile.exists()) scriptFile.deleteOnExit();
         return uName;
    }

  • New install of SQL 2014 Std MSDN. Get "The SQL Server product key is not valid. To proceed, re-enter the product key values from the Certificate of Authenticity (COA) or SQL Server packaging."

    Trying to install a new version of SQL 2014 Std 64 or x86. Installing on Windows 8.1Pro 64bit machine.
    I get:
    "TITLE: SQL Server Setup failure.
    SQL Server Setup has encountered the following error:
    The SQL Server product key is not valid. To proceed, re-enter the product key values from the Certificate of Authenticity (COA) or SQL Server packaging.
    Error code 0x858C0017."
    I looked at the summary log and that is the only error.
    I made sure there were no other instances of SQL on this machine. Uninstalled all VS2013 and sql instances just in case. IF there is somewhere to check if a previous version or license is causing the issue, i would be glad to check.
    Any help would be appreciated.

    Hi,
    Please read this thread with similar issue
    http://social.msdn.microsoft.com/Forums/sqlserver/en-US/bdd94577-515c-49fa-be44-008eacece057/installing-sql-server-2012-on-a-new-vm-error-code-0x858c0017?forum=sqlsetupandupgrade
    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
    My Technet Articles

  • How to get SSL certificates in JRun

    I have some problems in using JRun 3.1 with apache 2.0 in
    microsoft Windows XP professional.
    I want to get SSL peer certificates in a jsp file. But it was
    always failed.
    Could you tell me how to get the remote user's certificate.
    content of JSP file:
    boolean isSecure = request.isSecure();
    if(isSecure)
    X509Certificate[] certChain =
    (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
    if(certChain!=null)
    else
    out.println("<br>User certificate is
    null.<br>");
    ...

    Configuring Commercial certificates on weblogic server
    http://weblogictips.wordpress.com/2008/07/27/configuring-commercial-certificates-on-weblogic-server/
    How to debug SSL issues with weblogic server
    http://weblogictips.wordpress.com/2010/05/11/how-to-debug-ssl-issues-with-weblogic-server/
    Steps to create self sign certificates for weblogic server
    http://weblogictips.wordpress.com/2008/07/27/steps-to-create-self-sign-certificates-for-weblogic-server/
    thanks,
    sandeep

  • How to get the ssl-certificate trusted on lion-server

    I'm in the process of setting up lion server to create a small (international) research group collaborating on a project.
    So I want to use the server to exchange data, use a common calendar, address-book etc.
    To do so you need to get a SSL-certiifcate (unless you do everything on VPN).
    So I selected the server in server.app (Hardware) and selected SSL certificate edit
    created a certificate signing request that I exported and saved on my computer
    I received a ssl.crt that I also saved and dragged into the window and replace the original certificate with the signed one
    and also imported the certificate in to the keychain
    All following the steps described in:
    Managing iOS deviceswith OS X Lion Server by Arek Dryer
    the book describes that the certiifcate should now be trusted and valid. However, I keep the message "This certificate was signed by an unkown authority"
    So I somehow did something wrong.
    Any suggestions what I should do?

    ok let me add some info in the hope I will get some guidance:
    using the site http://www.sslshopper.com/ssl-checker.html
    I was able to check on the status of the certificate:
    The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
    since it is a non-commercial server I used a 'free?' SSL-certificate provider that will charge you when you contact them, so you have to figure it out by yourselve
    I guess I would be helped if there is a step by step manual how to install a root certificate

Maybe you are looking for

  • Linksys WRT100 timing out after set up

    I'm trying to replace a dying Belkin router with a new Linksys WRT100. I am trying to connect to a comcast modem. I have made it through the set up CD and it said everything was successful and I was connected to the Internet. When I tried to connect

  • Best practices for apps integration with third party systems ?

    Hi all I would like to know if there is any document from oracle or from your own regarding best practices for apps integration with third party systems. For example, in particular, let's say we need customization in a given module(ex:payables) need

  • The colour swatch 'black' has a conflict with the current document?

    I have created some graphic styles and saved them as the manual explains. When using them in a new document I keep getting the conflict window asking if I wish to merge swatches. What have I done to keep getting this unwanted conflict message?

  • Can't sync iPhone to iTunes

    My wife and I both have iPhone 3Gs that we sync to one PC. When I plug my iPhone in it launches iTunes and synches just fine. But if I plug my wife's in nothing happens. If I launch iTunes manually then plug the phone in iTunes hangs. As a test, I've

  • Workaround for PSE 6 "Exclude photos from category" bug

    PSE 6 Organizer broke the ability to exclude from a search all photos tagged with a category or a tag within that category. Heres a partial workaround: Suppose you want to show all photos not tagged with the Places category or a tag within the Places