What’s the merit of storing LTV (long term validation) information for RFC3161 tokens and what happens if a TSA private key would leak?

I’ll formulate my question in regards to timestamped PDF, but I wonder actually about the long term validation of RFC3161 tokens in general.
So, PAdES has the concept of Long Term Validation, which means (correct me if I’m wrong), that a d…

What capabilities does the Kazakhstan root CA have which other "trusted" CA’s don’t?

Kazakhstan recently tried to force users again to install a root CA. This has been rejected again by numerous western tech companies.
https://www.engadget.com/tech-giants-browsers-block-kazakhstan-web-surveillance-080031499.html
How they d…

How am I supposed to use a revocation certificate, and can there be multiple revocation certificates for the same private key?

I just generated a revocation certificate for my key. Unfortunately I don’t fully understand the concept. Here are my questions:

How exactly am I supposed to use it?
Suppose for example that my private key gets compromised.
What exactly I…

CertGetCertificateChain doesn’t recognise revoked certificate if the reason is "unspecified"

In my program I use CertGetCertificateChain to investigate the validity of certificates.
If in my test PKI I revoke a certificate and specify the reason "unspecified", the error code in the last parameter pChainContext->TrustS…

Chrome showing NET::ERR_CERT_REVOKED but working IE

Chrome (Version 84.0.4147.105 (Official Build) (64-bit)) is not able to access an HTTPS website and giving NET::ERR_CERT_REVOKED error while trying to load the website. On the other hand, IE does allow to access the site. Just wanted to u…

CRL Explained: What Is a Certificate Revocation List?

Need to revoke a certificate? There’s a list for that… X.509 digital certificates are integral to public key infrastructure (PKI) and web security as a whole. But what happens when…