Collaborate Disseminate
Chrome (Version 84.0.4147.105 (Official Build) (64-bit)) is not able to access an HTTPS website and giving NET::ERR_CERT_REVOKED error while trying to load the website .On the other hand, IE does allow to access the site.. Just wanted to u… Continue reading Chrome showing NET::ERR_CERT_REVOKED but working IE
Need to revoke a certificate? There’s a list for that… X.509 digital certificates are integral to public key infrastructure (PKI) and web security as a whole. But what happens when…
The post CRL Explained: What Is a Certificate Revocatio… Continue reading CRL Explained: What Is a Certificate Revocation List?
As many of you know Addtrust certificate https://crt.sh/?id=1 expired 30 May 2020 as well as many other intermediate certs and now we have to update certs on many servers to either root cert https://crt.sh/?id=1199354 or using another chai… Continue reading Why infamous Addtrust certificate is still not expired (same private key) for code signing?
I downloaded a revoked certificate from the website https://www.ssl.com/sample-valid-revoked-and-expired-ssl-tls-certificates/. Specifically, the revoked certificate of the site https://revoked-rsa-ev.ssl.com/.
To check the verification r… Continue reading openSSL shows a revoked certificate as secure
I use Nginx for client-side authentication.
Only the SSL-certificates from the User CA should have access to the application.
The CA hierarchy:
Root CA
|
Intermediate CA
|
User CA
So ssl_verify_depth (maximum verification de… Continue reading Certificate Revocation with intermediate CAs – combine CRLs?
From the academic and real-world scenarios which CAs are more prone to misbehavior or compromise by attackers (Root, Intermediate or issuing CAs)?
What are the consequences after compromise?
Are the current revocation mechanisms such as … Continue reading Which CAs is more vulnerable to compromise or misbehave in the trust chain (Root, Intermediate or Issuing CA)?
Kleopatra/ GPG can create revocation certificates, which look a lot like public/private keys. Obviously, these keys should not be shared or used unless one intends to revoke their keys. But assume that the revocation certificate were not s… Continue reading Does a revocation certificate leak information about the private key?
Merely because of private interest and usage in my own network, I’m creating a certificate chain (Root CA → Intermediate CA → Server cert) using openssl. I’d like the certificate chain to be traceable and also being able to revok… Continue reading Correct CRL and OSCP URIs along certificate chain
I’m looking for a way to limit the certs that my IPsec can accept. I’m using StrongSwan (swanctl version 5.7), I want to accept only certs coming from a remote with a name of yoji.*.example.com
I searched a lot on the internet. The docume… Continue reading StrongSwan, IPsec remote certs and cert_policy
I’m looking for a way to limit the certs that my IPsec can accept. I’m using StrongSwan (swanctl version 5.7), I want to accept only certs coming from a remote with a name of yoji.*.example.com
I searched a lot on the internet. The docume… Continue reading StrongSwan, IPsec remote certs and cert_policy