Collaborate Disseminate
I am having trouble to understand how a TLS certificate is authenticated.
From what I read, a server’s leaf certificate contains:
Server domain name
Server public key
Issuer (CA) domain name
Issuer (CA) signature of this certificate
How … Continue reading How is a TLS certificate authenticated, down to a code level? [duplicate]
The migration of everything to the cloud and corresponding rise of cyberattacks, ransomware, identity theft and digital fraud make clear that secure access to computer systems is essential. When we talk about secure access, we tend to think about human… Continue reading Why machine identities matter (and how to use them)
I work for a big insurance company, they have created a certification authority to generate certificates for their internal webservices. These webservices are accessible from their intranet only and are called by their applications and ser… Continue reading Auto-certification of internal services, does it make sense?
I am new to SSL certificates and trying to wrap my head around this concept. As per my understanding when a valid certificate is signed (by one of the many official CAs) it can also sign a certificate that is part of the same SSL trust cha… Continue reading What prevents an SSL certificate holder to issue new ‘valid’ certificates [duplicate]
If I have a self-signed CA certificate in my truststore, and I am sent a chain of certificates where the root CA is missing, is this a problem and if so why? Say that the last certificate in the chain is called S and is signed by CA.
If th… Continue reading Why include the root certficiate in the chain, if it is already in receiving parts’ truststore?
My understanding is that when a browser accesses a website, the website server sends to the browser a signed certificate. The main goal is that the browser receives a public key that will be used to initiate an encrypted session.
Correct m… Continue reading Browser verifying signed certificates using TLS [duplicate]
I’ve been trying to understand the process how the certificates are being registered and wildcard certificates got my attention.
For some companies that offer free hosting in their site, I noticed that clients with free accounts can also h… Continue reading Does the wildcard certificates registered late?
My state has made a statement that in case my country will be disconnected from the world’s CAs, it is necessary to install its own state certificates. In many forums, information has flashed that in this case, having its own certificate, … Continue reading Can a CA decrypt HTTPS traffic?
Let’s say you have a CSR that filled with incorrect data and you need to issue a certificate to the associated private key holder. The private key holder will not issue another CSR and will not disclose their private key. Can you overwrite… Continue reading Can any field in a CSR be overwritten in the issued cert?
I am building a Certificate Authority using Windows Server ADCS as a ‘Standalone’ CA but my application would be greatly improved if I can utilise OCSP.
Is the ADCS Online Responder Role Service appropriate to be exposed on the public inte… Continue reading Exposing ADCS OCSP on the Public Internet