Collaborate Disseminate
I am working on a deployment where the customer is requesting to do things differently from our standard process for client authentication. Usually we generate a CA for a customer project, get them to generate a CSR, we sign it with the CA… Continue reading Authorising client (mTLS) based on distinguished name
I came across this issue when we implemented a new security solution. Said solution has its own root CA certificate and will create certificates for HTTPS web pages "on the fly". Each HTTPS page you visit now has an "instant… Continue reading How to prevent HTTPS man-in-the-middle with self-signed certificates?
Digicert has disallowed "double dashes" in the third and fourth characters in new certs:
Effective October 1, 2021, for publicly trusted TLS/SSL certificates, we no longer allow the use of double dashes (–) in the third and fou… Continue reading Why are SSL CAs prohibiting double dash in third and fourth characters?
Assuming the server doesn’t send the root CA certificate along with it’s certificate and all the intermediates, how does the client know the root CA certificate in order to validate the server’s certificate? Is it by the details of the iss… Continue reading How does a TLS client know the CA certificate?
Our company has the following problem. Since some while ago we have been spammed by GoDaddy’s automated "Domain Access Verification" emails that look as follows:
Dear Secure Certificate Customer,
We have received a Certificate S… Continue reading Reporting a root CA non-compliance [closed]
Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world’s top 1 million sites over the last 18 months shows that in many ways, the internet is becoming more secure. Use of encryption is in… Continue reading EV certificate usage declining: Is the internet becoming more secure?
I haven’t looked into this for a few years, but wondering if there are any alternative solutions now for Document Signing other than Self-Signing (specifically PDFs using Acrobat) or having to pay high annual fees to a major Certificate Au… Continue reading Alternative solutions to Document Signing without paying for a Certificate Authority that are better than Self-Signing?
We are currently shipping a product to our customers that is server-client-based running on Windows server 2016 (server) and Windows 10 (clients). The server is installed on-premise in our customer’s infrastructure. We are always installin… Continue reading How to update self-signed server certificate on the clients
We are currently shipping a product to our customers that is server-client-based running on Windows server 2016 (server) and Windows 10 (clients).
The server is installed on-premise in our customer’s infrastructure.
We are always installin… Continue reading How to set up certificate architecture for on-premise server-client application
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have colle… Continue reading Researchers shed light on hidden root CAs