Collaborate Disseminate
I know that modern web browsers don’t check CRLs for certificates from CAs in the default trust store anymore.
I also know that there are some exceptions for certificate validation when it comes to corporation / enterprise PKIs. For exampl… Continue reading Do current browsers still validate CRLs in enterprise PKI environments
This question is specifically about certificates that should have had a long lifetime, but were revoked quickly.
Is every CRL issued by this CA guaranteed to include its revocation, as long as the original certificate would still be valid?… Continue reading Does a certificate revocation list (CRL) keep it’s entries at least as long as the certificate would have been valid?
I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability.
My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack. However I’m having trouble doing the … Continue reading Any vulnerability of OCSP for proof of concept
I need to check revocation status of the certificate. It always ends with the error that the revocation status couldn’t be verified because it could not find the CertPath that establishes a key that can be used to verify the revocation sta… Continue reading Check certificate revocation status in Spring-WS [closed]
Imagine the following scenario:
We have Bob that wants to send a message to Alice. Both have a public/private key. Bob uses his private key to sign the digest (hash of the message) with it’s private key, and sends along it the plain text m… Continue reading How does a digital certificate prove authenticity?
I am looking for some examples of private key leakage or compromised keypair (via insider attack, configuration mistake, etc.) that lead to certificate revocation. I am particularly looking for cases when CA was compromised but can also us… Continue reading Examples of private key leakage / compromised keypair resulting in certificate revocation
I read this article at Electronic Frontier Foundation on how Russian government wants the residents there to install a specific "Trusted Root CA" certificate. According to the article, this certificate has can inspect the users t… Continue reading How to determine what Certificate Authorities to keep on my computer?
I am building a Certificate Authority using Windows Server ADCS as a ‘Standalone’ CA but my application would be greatly improved if I can utilise OCSP.
Is the ADCS Online Responder Role Service appropriate to be exposed on the public inte… Continue reading Exposing ADCS OCSP on the Public Internet
For a Windows 7 Home Premium box that does not have internet or network (LAN/WAN) access, how can one update the machine’s list of valid and revoked security certificates?
A non-connected device (no devices are connected to the Windows 7 b… Continue reading How to update certificates and certificate revocation lists on a Windows 7 box that does not have any networking? [migrated]
I was wondering if the connection towards the ocsp responder/server is TLS encrytped itself. Meaning that the client requesting a validity check for a certificate verifies the OCSPs server certificate?
If so that OCSP server should be sign… Continue reading Is a OCSP request verified via TLS?