Sdílet prostřednictvím


Swiss Army Knife of X.509 Certificate Tools

Anyone who has dealt with X.509 certificates when trying to design, test and deploy secure Web services will know what an ordeal it can be to locate certificates in various cert stores using different cert identifiers, modify security properties of the private key to allow services accounts to sign or decrypt messages and all the other messing around that is associated with X.509 certificates. I happened to bump into Christian Geuer-Pollmann from the European Microsoft Innovation Center last week - and he showed me an awesome tool they have built to greatly simplify such challenges. This tool is available for download from here.

Comments

  • Anonymous
    August 20, 2007
    The comment has been removed

  • Anonymous
    August 23, 2007
    Hi Jason, Keystore and certificate management can be a complete nightmare depending on your flavourite Web Service toolkit. On the one hand, Axis uses non-standard JKS keystores that can store several certificates for easy access, but do not help with general key distribution. On the other hand, the Windows certificate store supports standard keystore formats (PKCS#12) which is useful, but unfortunately, places a whole range of restrictions on the location of keystores, certificates and CRLs when using something like WSE 3.0 (not much experience in WCF yet!). For example, unless you specify "NoCheck" for CRL validation, you need to install CRLs as well... Downloaded and ran that X509 certificate tool -  very useful for checking where certificates are and getting hold of their DN strings! Cheers, Rowland

  • Anonymous
    November 20, 2007
    Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been

  • Anonymous
    November 20, 2007
    Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been

  • Anonymous
    March 03, 2008
    Microsoft WSE 3.0 X509 Certificate Tool has encountered a problems and needs to close any ideas??

  • Anonymous
    December 16, 2008
    The comment has been removed

  • Anonymous
    February 20, 2012
    The download link is broken.

  • Anonymous
    August 02, 2012
    I finally put it here: github.com/.../X509CertificateUtility