Adobe uses CA signature type as identifier on signatures created with user certificates

I am testing several PKCS12 keystores with ECC type keys, generated by a CA with RSA key, to sign PDF documents. I have also tested with my own certificates from a demo CA certificate. I use Adobe Acrobat Reader DC 2022.001.20085 on Window… Continue reading Adobe uses CA signature type as identifier on signatures created with user certificates

Is it must to have "Key Usage" extension in the selfsigned root certificate?

I have gone through multiple questions but still I am confused. RFC X.509 also does not clarify it.
Conforming CAs MUST include this extension in certificates that
contain public keys that are used to validate digital signatures on
Continue reading Is it must to have "Key Usage" extension in the selfsigned root certificate?

Lack of CLM maturity is putting organizations at risk

More than a year after the historic and damaging SolarWinds attack, nearly 65% of organizations still are unable to secure and govern the growing volume of machine and application identities in the form of digital certificates, the backbone of enterpri… Continue reading Lack of CLM maturity is putting organizations at risk

How can I prevent non-SAN TLS certificates from bypassing name constraints?

I’m trying to create a private CA and want it to only be able to issue certificates for my domain via name constraints.
However, even if I create the CA with restrictions on DNS names as well as directory names like this
New-SelfSignedCert… Continue reading How can I prevent non-SAN TLS certificates from bypassing name constraints?