Over what fields is the X509 hash computed? [duplicate]

Is this how X509 certificates are verified to be valid?

The receiver receives the certificate
Look at the issuer of the cert, and find the public key of that CA (it's hardcoded in the application or the OS)
Decrypt the signature using the …

Is Self-Signed certificate sufficient for Production environments exposed to the Internet to secure our Azure Function

We have created an Azure Function which runs on a scheduled basis to update SharePoint Online sites (every 10 minutes).
Now for this Azure Function to integrate with SharePoint, we have created an Active Directory App and we defined a Self-…

Does defining "a minimum path length" for certification validation have any security benefit?

As you may know, Common Criteria (AKA ISO/IEC15408: A standard for IT Security Evaluation) have provided some security base-line documents named "Protection Profile" for software developers and product manufacturers. Developers a…

What problem is the "max_path_length" attribute in certificates going to solve?

I’m trying to understand the purpose of defining pathLenConstraint and max_path_length in RFC5280 (Internet X509 PKI Certificate and CRL Profile):
For pathLenConstraint, the above-mentioned RFC states:

The pathLenConstraint field is meanin…

Can an Intermediate CA extend its "Certificate Key Usage" by issuing a new certificate for itself?

I’m trying to understand the purpose of defining the self-issued certificate concept in RFC5280 (Internet X509 PKI Certificate and CRL Profile):
Regarding this concept the RFC states:

This specification covers two classes of certificates:

CA…

Why does installing a root certificate on the client open a door for MitM attack?

Most internet communication is now end-end encrypted using TLS. In the TLS process, the TLS server sends a PKI certificate to the user which then gets authenticated using the CA’s root certificate that it has (I believe it’s stored in the …

Client-side certificates installed on iOS 16 are not being sent by browsers on that device when a server requests an identity cert

I have a client-side certificate from Cloudflare (non-root) that I install on our devices in order to gain access to our sites that ask for a client-side certificate from browsers. This works perfectly well on desktop browsers on Linux, wi…