Should I house my organization’s root CA certificate in a public GitHub repository?

We have a public repository of software that uses a Docker container. Anything that runs within the organization sees certificates signed by our org’s root CA. For the container to run properly within our org, the root CA certificate need…

Can a wildcard certificate act as CA for subdomains? [duplicate]

Inspired by Is LetsEncrypt activity Public?
Say I’ve got a *.mycompany.com certificate from LetsEncrypt on my primary production server. I want to generate a certificate for my honeypot, which might obviously get stolen.
Can I use *.mycomp…

Why do some SSL clients need a full certificate chain and others don’t? [duplicate]

I was setting up a private docker repository and by mistake, I included the server certificate without a full certificate chain.
I can access the repository (https://privserver1.64hosts.com:5004/) with Chrome, and Chrome reports the SSL ce…

Is there a security reason why few CAs offer IP-based SSL/TLS certificates?

I’ve heard numerous times that few CAs offer IP-based SSL/TLS certificates.
This question seems extremely similar, but what the accepted answer says is:

Usual commercial CA won’t accept to encode IP addresses in certificates, in particula…

Are my internal systems susceptible to MitM if the root/chain is shared amongst all customers?

Suppose that my certificate authority issues private certificates using the same chain for all of their customers. Does this mean that a malicious actor who happens to be another one of their customers can easily perform a MitM without a …

Shorter TLS certificate lifespans expected to complicate management efforts

76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outages…