Why is my website certificate not verified by all browsers. Is this related to my CA or just misconfiguration?

I have a certificate signed by https://www.noip.com which I’m using in my website (https://angola.sytes.net), but the certificate is only recognized by some browsers in some places.
If you take a look at my website you’ll see that the cert… Continue reading Why is my website certificate not verified by all browsers. Is this related to my CA or just misconfiguration?

Examples of private key leakage / compromised keypair resulting in certificate revocation

I am looking for some examples of private key leakage or compromised keypair (via insider attack, configuration mistake, etc.) that lead to certificate revocation. I am particularly looking for cases when CA was compromised but can also us… Continue reading Examples of private key leakage / compromised keypair resulting in certificate revocation

Should Subordinate CAs on separate domains point to one location for CDP and AIA?

I’m a bit confused with how CRLs and AIAs work. I am on a domain B and I have been tasked with building a Subordinate CA that has an offline Root CA located in Domain A perimeter. These domains are not in the same forest. There is a tru… Continue reading Should Subordinate CAs on separate domains point to one location for CDP and AIA?

Recommendations on PKI roles as per ETSI EN 319 401 – V2.3.1

I want to configure roles (least privilege) on my CA instance (EJBCA) and I’m trying to find what are the best practices to do this.
I’ve tried to read the ETSI EN 319 401 – V2.3.1 standard and try to implement this on EJBCA but it is not … Continue reading Recommendations on PKI roles as per ETSI EN 319 401 – V2.3.1

When renewing a TLS certificate (no change to CSR nor private key), will the modulus remain the same?

Here is the scenario, just wanted confirmation that I am understanding it correctly.
I have a TLS certificate that will expire soon;
Upon renewal, I paid the CA, and they reissued me with a new public key (AKA certificate), which has a new… Continue reading When renewing a TLS certificate (no change to CSR nor private key), will the modulus remain the same?

Adobe uses CA signature type as identifier on signatures created with user certificates

I am testing several PKCS12 keystores with ECC type keys, generated by a CA with RSA key, to sign PDF documents. I have also tested with my own certificates from a demo CA certificate. I use Adobe Acrobat Reader DC 2022.001.20085 on Window… Continue reading Adobe uses CA signature type as identifier on signatures created with user certificates