Collaborate Disseminate
I am working with a vendor’s appliance, and they use the default Java cacerts for adding certs for allowing self-signed certs. When working on this process, I noticed that the cacerts uses the default password changeit
For increased securi… Continue reading Where is a CAcert’s password used? [closed]
I ran a Nexpose scan on a DNS that no longer resolves and a vulnerability was found : X.509 Certificate Subject CN Does Not Match the Entity Name
I don’t know why it’s still producing a vulnerability when the DNS should not even resolve.
H… Continue reading A DNS that has been eliminated is still resulting in X.509 Certificate Subject CN Does Not Match the Entity Name
I am looking into our current website certificate-management process and am looking for steps that may be unnecessary and can be simplified. The current process was created by our sysadmin who now left, and I am confused about step 1 below… Continue reading Why create a CSR on my own server to have it signed by a 3rd party?
On Linux, the /etc/ssl/certs folder includes all the necessary public keys for Certificate Authorities. If I have not misunderstood something, this makes it possible to verify public keys received from other servers over the internet.
But … Continue reading How do we know that our SSL certificates are to be trusted?
when my client tries to authenticate with Radius servers it gives following error:
unable to get local issuer certificate
As per my understanding, this is a trust chain problem or, in other words, my client is missing the CA certificate.
W… Continue reading Client CA certificate & RADIUS
Just saw a piece of news about potential issues with TrustCor root CA.
I don’t see the TrustCor root CA in windows certificate manager.
I do see it in Firefox cert store.
Browsing to trustcor.com in Chrome under Windows 10 works fine showi… Continue reading TrustCor root CA not in Windows 10
We are planning a new PKI for our company.
Existing structure is a single root CA and two issuing CA’s. One for test, one for production.
We can keep the new PKI design the same or we can use another design. One design that came up is usin… Continue reading Root CA best practice
Let’s say I have rootCA.crt, intermediateCA.crt and leaf.crt. I used openssl to veriy leaf.crt:
cat rootCA.crt intermediate.crt > chain.crt
openssl verify -CAfile chain.crt leaf.crt
and it said everything was OK.
I later added rootCA.c… Continue reading Self-signed certificate chain verified by OpenSSL but Windows says leaf is invalid
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies the process of obtaining, renewing, and using those certificates. It can issue certificates from a variety of supported sources, including Le… Continue reading cert-manager: Automatically provision and manage TLS certificates in Kubernetes
Based on my understanding, a tls client trusts a server because the server sends its certificate which has been signed by the CA. How does my computer/os know which CAs are publicly trusted? Do all operating systems run programs to update … Continue reading How do operating systems trust public CAs? [duplicate]