Collaborate Disseminate
Every document that needs to be eIDAS compliant needs to have a qualified timestamp. If we take an email as a document, then the email, based on eIDAS regulations, needs to have an qualified timestamp issued by a qualified CA. As I know, n… Continue reading eIDAS qualified timestamp on email
I’m a beginner in security but I am trying to send a request to a server through mutual authentication.
I was given
CA pem file
client cert pem file
private key pem file
Right now, I’m trying to establish a connection to the server but i… Continue reading Debugging HTTP 403 Forbidden when using cURL for mutual authentication SSL (mTLS) [migrated]
tl;dr: In certificate based SSH authorization, is there any benefit to keeping host certificates lifespan short? Do you gain anything by renewing them periodically?
Full Story
Recently I have been exploring SSH access through certificates,… Continue reading Is there a reason to renew host SSH certificates?
I am an Open Banking enthusiast and I’m studying the Berlin Group’s XS2A framework these days. There, it has an error code called CERTIFICATE_BLOCKED. As the description of it, it states,
"Signature/corporate seal certificate has bee… Continue reading Can certificates be blocked temporarily by CAs?
I am reading RFC4210 and trying to understand the CMP protocol.
I will use the sample capture cmp_IR_sequence_OpenSSL-Cryptlib.pcap from https://wiki.wireshark.org/SampleCaptures to put forth my questions.
In the IR, the client used a sig… Continue reading Query on CMP POPO, encrypted cert and certhash
I am bewildered as to the below config and subsequent behaviour.
/etc/ssh/sshd_config:
AuthorizedPrincipalsFile /etc/ssh/principals
/etc/ssh/principals:
all
host.example.com
dev
This allows me to login as ANY user using my cert which has… Continue reading OpenSSH AuthorizedPrincipalsFile Allows Any User
I’m living in a very evil country and don’t trust my ISP or the government. Moreover the country has control of several root and probably more intermediate certificate authorities. What options do I have as a normal end user with a DSL or … Continue reading Protecting against BGP hijacking
I am developing Web Application for Certifying Authority as a part of which, I need to generate asymmetric key pair – Private Key and Public Key in user’s smartcard through browser, create Certificate Signing Request (CSR) and send CSR to … Continue reading Web Browser Certificate Enrollment (CSR Generation) and Certificate Download to Smartcard or USB Token
How is it guaranteed that a SSL certificate issuer doesn’t issue cerificates without verifing that the user holds the specified domain name or even that the issuer himself doesn’t issue a certificate to do a MiTM attack ?
Can a man in the middle attacker intercept and forge a different certificate(a self-signed one may be) to the browser?
In this case, browser will show warning to the user and doesn’t display’s the green pad lock near the url.
Even if a sin… Continue reading Forging ssl certificate to the browser