Swiss Army Knife of X.509 Certificate Tools


Anyone who has dealt with X.509 certificates while designing, testing and deploying secure Web services will know what an ordeal it can be: locating certificates in various cert stores using different cert identifiers, modifying the security properties of the private key so that service accounts can sign or decrypt messages, and all the other messing around that is associated with X.509 certificates. I happened to bump into Christian Geuer-Pollmann from the European Microsoft Innovation Center last week – and he showed me an awesome tool they have built to greatly simplify such challenges. This tool is available for download from here.

Comments (8)

  1. Rowland says:

    Hi Jason,

    Keystore and certificate management can be a complete nightmare depending on your favourite Web Service toolkit.

    On the one hand, Axis uses non-standard JKS keystores that can store several certificates for easy access, but do not help with general key distribution.

    On the other hand, the Windows certificate store supports standard keystore formats (PKCS#12) which is useful, but unfortunately, places a whole range of restrictions on the location of keystores, certificates and CRLs when using something like WSE 3.0 (not much experience in WCF yet!). For example, unless you specify “NoCheck” for CRL validation, you need to install CRLs as well…

    Downloaded and ran that X509 certificate tool –  very useful for checking where certificates are and getting hold of their DN strings!

    Cheers,

    Rowland

  2. Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been

  4. DaVe says:

    Microsoft WSE 3.0 X509 Certificate Tool has encountered a problem and needs to close

    any ideas??

  5. djkaushal says:

    The download link is broken.

  6. Christian Geuer-Pollmann says:

    I finally put it here: github.com/…/X509CertificateUtility