Collaborate Disseminate
I am not confident in my understanding of Certificate Authority and signing certificates. I’m wondering how do you verify the authenticity of an issuer when inspecting an entity certificate.
Here’s the scenario that I am using to improve … Continue reading Openssl command to verify authenticity of CA Issuer? And the "magic" behind it? [duplicate]
Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certi… Continue reading 3 ways to achieve crypto agility in a post-quantum world
I am reading about how certificates work in the context of X.509, SSL/TLS/HTTPS. According to Wikipedia, the client (e.g. a browser) is supposed to check the revocation status for each non-root certificate as a part of certification path v… Continue reading How is issuing a certificate revocation response different from re-issuing the certificate itself?
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a certificate authority auto-generated/ca.* and… Continue reading Criteria for Common Name of Certificate Authority and how it affects SSL certificates
I’ve been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I’ll start by explaining my use case: I have customers that … Continue reading Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?
I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -debug </dev/null 2>&1|tee out
We’re experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.
The error is NET::ERR_CERT_INVALID (Tested in Edge and Chrome). IE shows Mismatched Add… Continue reading SSL Certificates signed by our CA show as invalid in browser
Environment:
A multi-tiered Active Directory (AD) where tier-specific admin accounts are restricted to log on to only their tier servers.
Microsoft’s Certificate Services (CS).
Let’s say the CA tier is A and the admin requesting a Code S… Continue reading Requesting an user-specific certificate in a tiered domain
Chance is one gets an invalid certificate warning when one follows this link https://www.cnss.gov. As explained there (same warning) this is on purpose, and the solution is supposed to be to install1 extra root Certification Authority cert… Continue reading Support for domain-specific root CAs in X.509 certificate format, OS and browsers
My organisation, say Acme, is building an e-signature platform where global businesses sign up and use the platform to send out e-signature requests. And when signers in a particular e-sign request sign the document, Acme must digitally si… Continue reading How to feasibly digital sign high volume documents with CA issued digital certificate?