Java SSL certificate revocation check

There are two common ways to check the revocation status of a TLS certificate: the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP). The second option is the faster and more modern way. For it to work, the client must learn the OCSP responder URL somehow. There are at least two options: your Certificate Authority (CA) automatically puts […]
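
The following is an added example, not code from the original post: a JDK-only client whose trust manager performs OCSP revocation checking (CRL as the fallback) for every certificate in the server chain. The truststore path and password are taken from the command line; the responder URI is optional and, when absent, the checker uses the AIA extension the CA put into the certificate. The target URL https://example.com/ is a placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.PKIXRevocationChecker.Option;
import java.security.cert.X509CertSelector;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class RevocationCheckedClient {

    /**
     * Builds an SSLContext whose trust manager checks revocation for the whole server chain.
     * ocspResponder may be null: the responder URL is then taken from the certificate's
     * Authority Information Access (AIA) extension, which is what a CA normally puts there.
     */
    public static SSLContext build(String truststorePath, char[] password, URI ocspResponder) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) {
            trustStore.load(in, password);
        }

        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpb.getRevocationChecker();
        // Defaults: OCSP first, CRL Distribution Points as fallback, every cert in the chain checked.
        // SOFT_FAIL is deliberately NOT set: an unreachable responder fails the handshake
        // instead of silently skipping the check.
        rc.setOptions(EnumSet.noneOf(Option.class));
        if (ocspResponder != null) {
            rc.setOcspResponder(ocspResponder); // responder configured by us, overrides the AIA URL
        }

        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.addCertPathChecker(rc); // our checker is used instead of the default revocation mechanism

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args: <truststore.jks> <password> [ocsp-responder-url]
        URI responder = args.length > 2 ? URI.create(args[2]) : null;
        SSLContext ctx = build(args[0], args[1].toCharArray(), responder);
        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest request = HttpRequest.newBuilder(URI.create("https://example.com/")).build(); // placeholder URL
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println("HTTP " + response.statusCode());
    }
}
```

A revoked certificate, or a responder that cannot be reached, surfaces as an SSLHandshakeException wrapping a CertPathValidatorException. Add Option.SOFT_FAIL only if you have decided that availability beats revocation checking, and be aware that it turns a network failure into a silent pass.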

How to add URL cert to JKS

Let’s imagine that you need to download a certificate from a website / service / endpoint and put it in a trusted certificate store (JKS or cacerts). To do this, fill in the parameters SERVER_URL, ALIAS_NAME and CERT_NAME and run the script: As a result, a trusted JKS store will be created with […]
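
As an added example (not the post's script), the same job done in plain Java: fetch the chain the server presents, print the leaf's subject and SHA-256 fingerprint so it can be verified out of band, and import the leaf into a JKS, creating the store if it does not exist (the equivalent of keytool -importcert). The command-line arguments mirror the script's SERVER_URL and ALIAS_NAME parameters; HexFormat requires Java 17.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public final class UrlCertToJks {

    /** Records the presented chain instead of validating it. Used ONLY to fetch the cert, never for real traffic. */
    static final class CapturingTrustManager implements X509TrustManager {
        volatile X509Certificate[] chain;
        @Override public void checkClientTrusted(X509Certificate[] c, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] c, String authType) { chain = c; }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    static X509Certificate[] fetchChain(String serverUrl) throws Exception {
        URI uri = URI.create(serverUrl);
        String host = uri.getHost();
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        CapturingTrustManager tm = new CapturingTrustManager();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setServerNames(List.of(new SNIHostName(host))); // SNI, so a virtual host serves the right cert
            socket.setSSLParameters(params);
            socket.startHandshake();
        }
        if (tm.chain == null || tm.chain.length == 0) {
            throw new IllegalStateException("server presented no certificate");
        }
        return tm.chain;
    }

    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return HexFormat.ofDelimiter(":").withUpperCase().formatHex(digest);
    }

    /** Adds cert under alias to the JKS at jksPath, creating the store if it does not exist. */
    static void importCert(X509Certificate cert, String alias, String jksPath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        File file = new File(jksPath);
        if (file.exists()) {
            try (InputStream in = new FileInputStream(file)) { ks.load(in, password); }
        } else {
            ks.load(null, null); // new, empty store
        }
        ks.setCertificateEntry(alias, cert);
        try (OutputStream out = new FileOutputStream(file)) { ks.store(out, password); }
    }

    public static void main(String[] args) throws Exception {
        // args: <SERVER_URL> <ALIAS_NAME> <truststore.jks> <store-password>
        X509Certificate[] chain = fetchChain(args[0]);
        X509Certificate leaf = chain[0];
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        System.out.println("SHA-256: " + sha256Fingerprint(leaf));
        importCert(leaf, args[1], args[2], args[3].toCharArray());
    }
}
```

The fetch itself is unauthenticated (trust on first use), so compare the printed fingerprint with one obtained through a channel you already trust before shipping the store. Importing the leaf also means trust breaks at the next certificate renewal; importing the issuing CA from further up the returned chain instead is usually the better choice.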

Using gRPC with JKS

gRPC doesn’t support JKS out of the box, but there is a workaround. Below is an example of how to use gRPC with a JKS keystore, first the server side, then the client side. If you don’t need a custom truststore, nothing needs to be done. If you do need a custom truststore, use the example below: You can use trustManagerFactory […]
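
An added example (not the post's own code) of the workaround: load the JKS files into a KeyManagerFactory and a TrustManagerFactory and hand those to the Netty SslContextBuilder that grpc-netty uses. It assumes the unshaded grpc-netty artifact (with grpc-netty-shaded the packages are prefixed with io.grpc.netty.shaded) and that the key entry uses the same password as the store; the server is configured for mutual TLS.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import io.grpc.BindableService;
import io.grpc.ManagedChannel;
import io.grpc.Server;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;

public final class GrpcJks {

    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** JKS keystore with a private-key entry -> KeyManagerFactory (key password == store password assumed). */
    static KeyManagerFactory keyManagers(String keystore, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keystore, password), password);
        return kmf;
    }

    /** JKS truststore with trusted-cert entries -> TrustManagerFactory. */
    static TrustManagerFactory trustManagers(String truststore, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(truststore, password));
        return tmf;
    }

    /** Server side: identity from the keystore; clients must present a cert chaining to the truststore. */
    static Server server(int port, BindableService service, String keystore, char[] ksPass,
                         String truststore, char[] tsPass) throws Exception {
        SslContext ssl = GrpcSslContexts.configure(SslContextBuilder.forServer(keyManagers(keystore, ksPass)))
                .trustManager(trustManagers(truststore, tsPass))
                .clientAuth(ClientAuth.REQUIRE)
                .build();
        return NettyServerBuilder.forPort(port).sslContext(ssl).addService(service).build();
    }

    /** Client side: pass truststore == null to keep the JVM default trust; the keystore supplies the client cert. */
    static ManagedChannel channel(String host, int port, String truststore, char[] tsPass,
                                  String keystore, char[] ksPass) throws Exception {
        SslContextBuilder builder = GrpcSslContexts.forClient();
        if (truststore != null) {
            builder.trustManager(trustManagers(truststore, tsPass)); // custom truststore only when needed
        }
        builder.keyManager(keyManagers(keystore, ksPass));
        return NettyChannelBuilder.forAddress(host, port).sslContext(builder.build()).build();
    }
}
```

The host passed to NettyChannelBuilder.forAddress must match a name in the server certificate; for a cert that is not issued for the address you connect to, use overrideAuthority on the channel builder rather than weakening verification.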

OPENSSL internal: SSLV3 ALERT HANDSHAKE FAILURE

Full text of the error: If you encounter such an error, there are at least two likely causes: an incompatible version of the BoringSSL library, or a private key problem. For example, we wrote our own KeyManager implementation and its getPrivateKey() method returns null, or there is no such private key at all.
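
For the second cause, the check a practitioner wants is to catch the missing key before it reaches the TLS engine. The class below is an added example, not from the original post: it wraps any X509ExtendedKeyManager (your own or the one produced by a KeyManagerFactory) and throws a descriptive exception as soon as a chosen alias resolves to no private key or no certificate chain, instead of the opaque handshake failure.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/** Fails fast when a selected alias has no private key or chain, which otherwise ends in handshake_failure. */
public final class CheckedKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;

    public CheckedKeyManager(X509ExtendedKeyManager delegate) {
        this.delegate = delegate;
    }

    /** Wrap the first X509ExtendedKeyManager produced by a KeyManagerFactory. */
    public static CheckedKeyManager wrap(KeyManagerFactory kmf) {
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509ExtendedKeyManager) {
                return new CheckedKeyManager((X509ExtendedKeyManager) km);
            }
        }
        throw new IllegalStateException("KeyManagerFactory produced no X509ExtendedKeyManager");
    }

    /**
     * A null alias is legitimate: JSSE asks once per key type (e.g. "RSA", then "EC") and
     * null just means "no key of that type". Only a non-null alias without key or chain is a bug.
     */
    private String checked(String alias, String keyType) {
        if (alias == null) {
            return null;
        }
        if (delegate.getPrivateKey(alias) == null) {
            throw new IllegalStateException("alias '" + alias + "' (" + keyType + ") has no private key");
        }
        X509Certificate[] chain = delegate.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("alias '" + alias + "' (" + keyType + ") has no certificate chain");
        }
        return alias;
    }

    private static String describe(String[] keyTypes) {
        return keyTypes == null ? "?" : String.join("/", keyTypes);
    }

    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return checked(delegate.chooseServerAlias(keyType, issuers, socket), keyType);
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return checked(delegate.chooseEngineServerAlias(keyType, issuers, engine), keyType);
    }
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return checked(delegate.chooseClientAlias(keyTypes, issuers, socket), describe(keyTypes));
    }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return checked(delegate.chooseEngineClientAlias(keyTypes, issuers, engine), describe(keyTypes));
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
}
```

Plug it in with SSLContext.init(new KeyManager[] { CheckedKeyManager.wrap(kmf) }, trustManagers, null). If the alias itself comes back null for every key type the problem is upstream: the keystore holds only trusted-cert entries, or the key password passed to KeyManagerFactory.init was wrong.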

ZooKeeper x509 certificates ACL

The documentation states that setting an ACL via the ZooKeeper CLI usually looks like this: In the case of the x509 scheme, the authenticated ID of the user is the DN string of their certificate. Confirming this, when a user connects with a certificate, the server log contains a line: Now, […]

Generate SSL certificate with User Principal Name openssl

We assume that openssl is already installed. User certificate with a UPN field: create a new file named ext.cnf in the folder where the certificates will be generated and write this line to it: Replace your_text_here with your own value; the rest does not need to be touched. Now you need to add a […]

Load x509 certificate from keystore Java

We have a keystore with an imported certificate and need to work with it in code. We will load the certificate into an X509Certificate object. After that you can work with it further, or simply display some information about it, for example: Subject X500 Principal, Issuer X500 Principal, Subject DN, Issuer DN […]
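
The following added example (not the post's code) covers this post and the ZooKeeper x509 ACL post above: it loads the certificate under a given alias from a JKS, prints the subject and issuer in the RFC 2253 and RFC 1779 forms plus the legacy getSubjectDN()/getIssuerDN() values, and then uses the RFC 2253 subject DN as the id of an x509-scheme ACL on a znode. The znode path /secured is a placeholder; that the server derives the id in RFC 2253 form is an assumption to verify against the "Authenticated Id" line in the ZooKeeper server log.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.ZooKeeper;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;

public final class CertFromKeystore {

    /** Loads the certificate stored under alias; works for trusted-cert and private-key entries alike. */
    static X509Certificate load(String keystorePath, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalArgumentException("no certificate under alias '" + alias + "'");
        }
        return cert;
    }

    static void describe(X509Certificate cert) {
        X500Principal subject = cert.getSubjectX500Principal();
        X500Principal issuer = cert.getIssuerX500Principal();
        // RFC 2253: "CN=client,OU=dev,O=example" (no spaces after the commas)
        System.out.println("Subject (RFC 2253): " + subject.getName(X500Principal.RFC2253));
        System.out.println("Issuer  (RFC 2253): " + issuer.getName(X500Principal.RFC2253));
        // RFC 1779: "CN=client, OU=dev, O=example"; a different string, so it will not match an ACL id in RFC 2253 form
        System.out.println("Subject (RFC 1779): " + subject.getName(X500Principal.RFC1779));
        // The deprecated Principal-based accessors the post mentions as "Subject DN" / "Issuer DN"
        System.out.println("Subject DN (legacy): " + cert.getSubjectDN());
        System.out.println("Issuer DN  (legacy): " + cert.getIssuerDN());
        System.out.println("Not after: " + cert.getNotAfter());
    }

    /**
     * x509-scheme ACL for the certificate's owner. The id must equal, byte for byte, the string the
     * ZooKeeper server derives from the client certificate; RFC 2253 form is assumed here.
     */
    static ACL x509Acl(X509Certificate cert, int perms) {
        String dn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        return new ACL(perms, new Id("x509", dn));
    }

    public static void main(String[] args) throws Exception {
        // args: <keystore.jks> <password> <alias> <zk-connect-string>
        X509Certificate cert = load(args[0], args[1].toCharArray(), args[2]);
        describe(cert);
        ZooKeeper zk = new ZooKeeper(args[3], 10_000, event -> { });
        try {
            // Only a client authenticated by this exact DN will be able to touch the znode afterwards
            zk.create("/secured", new byte[0], List.of(x509Acl(cert, ZooDefs.Perms.ALL)), CreateMode.PERSISTENT);
        } finally {
            zk.close();
        }
    }
}
```

If the ACL silently fails to grant access, print both the id you set and the DN from the server's authentication log line side by side; a single differing space or attribute order is enough for the x509 scheme to reject the client.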
