PCI DSS Compliance and Firewalling Dynamic Hosts with MITM Certificates

Question
Would using a firewall MITM capability to inspect all HTTPS web requests be against PCI compliance/rules?
Further Info
We have an issue where we need to allow access to some HTTPS sites on hosts that are in the PCI zone. The optio…

How can I install a self-signed star cert with a self-generated root CA that openssl will verify against?

I’m trying to test some services and they need to talk to each other over HTTPS (and they can’t talk over HTTP). I want to:

create a Root CA that I can install in my Ubuntu-based docker images
sign a subdomain cert like *.example.com su…

How to update certificates/CRL on Windows 7 systems that are without support contracts?

A quality answer to this question mentions:
"System is regularly updated with latest patch specifically certificate/CRL from trusted source such as Microsoft."
How does one update certificates/CRL on Windows 7 systems that do not…

Let’s Encrypt certificate lifetime incident: is there any security risk?

A few days ago, Let’s Encrypt discovered that they misinterpreted RFC 5280, thus making every certificate they issued valid for one second longer than expected.
The associated issue on the Mozilla bug tracker definitely looks serious, and so…

"Certificate Revocation Unknown" strange error from Remote Desktop – Windows Server 2019 CA [closed]

I’ve recently attempted to set up a certificate authority on my small server environment (Windows Server 2019). When attempting to connect to the server from my laptop using Remote Desktop, I get an inconsistent error depending on which ap…

Why does Firefox no longer recognise certificates issued by Multicert / Camerfirma?

Today I noticed that Firefox 88.0 beta (on macOS) is rejecting TLS certificates for many Portuguese websites – including most government websites – with the error SEC_ERROR_UNKNOWN_ISSUER.
Example sites:

https://www.autenticacao.gov.pt/
h…

Are SSL certs auto-revoked if their Not-Valid-After date is reached without renewing?

I’m learning about X509 certs used in client-cert authentication to https endpoints. If I have an OCSP checker (Python script that creates, submits, decodes OCSP responses), do I need to check the not-valid-after date on a client cert?
Exa…