Extremely strange and concerning SSL issues. MITM attack?

While not particularly knowledgeable on public key infrastructure, I’ve noticed strange issues with SSL and TLS lately that I’m unable to diagnose. As these issues have currently left me dumbfounded I’m hoping someone more knowledgeable ma…

What are the security implications of storing a CA password for local development only in a repository?

During local development of our website we need some features that are restricted to secure contexts, meaning we need a self-signed certificate for ‘localhost’ for some things to work.
To make things as easy as possible for new developers …

Why would a company choose to use different SSL providers for different subdomains

Recently, I happened to notice that a site I was looking at had different certificate providers for different subdomains. Whilst looking around, I found that seems to be somewhat common (or at least not rare).
Whilst I understand the logic…

How does Certificate Transparency protect from hacked CA server [duplicate]

I was able to grasp how CT works by reading this explanation, but one thing remains unclear for me – how CT may protect ecosystem from hacked CA server. For example, someone hacked Digicert, and now from it behaves issues EV or regular cer…

How to create and embed Signed Certificate Timestamp (SCT) in certificate

I have deployed a Certificate Transparency (CT) log server that uses Google’s CTFE (named "certificate-transparency-go" on GitHub) and Trillian Projects. And I have issued a pre-certificate, submitted to my own CT log server.
I h…