Collaborate Disseminate
Inspired by Is LetsEncrypt activity Public?
Say I’ve got a *.mycompany.com certificate from LetsEncrypt on my primary production server. I want to generate a certificate for my honeypot, which might obviously get stolen.
Can I use *.mycomp… Continue reading Can a wildcard certificate act as CA for subdomains? [duplicate]
Is their a recommended RFC standard way to sign an ECDH certificate?
Given that the ECDH Private Key is not intended for digitalSignatures it seems wrong to sign a CSR with it’s own Private Key.
It would seem logical that another trusted c… Continue reading ECDH Certificate Signing
I was setting up a private docker repository and by mistake, I included the server certificate without a full certificate chain.
I can access the repository (https://privserver1.64hosts.com:5004/) with Chrome, and Chrome reports the SSL ce… Continue reading Why do some SSL clients need a full certificate chain and others don’t? [duplicate]
For educational purposes, I am assembling a private network to act as a small sized company using BIND9 and OpenLDAP on FreeBSD 14.1 machines.
The private networks’ DNS servers, NS1 on 172.21.0.20 and NS2 on 172.21.0.10, map the internal d… Continue reading TLS certificates on a network drive/storage
The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.
The post US Gov Removing Four-Year-Degree Requirements for Cyber Jobs appeared first on SecurityWeek.
Continue reading US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
I am running testssl scan on an http port, after running the scan I got some errors highlighted in red.
The main one that I noticed is that certificate does not have SAN.
testlssl output:
subjectAltName (SAN) missing (NOT ok) — Br… Continue reading Is missing SAN in certificate a security issue?
A while ago, I created self-signed certificates for my internal domains with openssl:
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -days 3650 -nodes -keyout mysite.eden.internal.key -out eden.django.crt -subj "/C=… Continue reading Subject alternative name missing from certificate signed by own CA [duplicate]
Suppose that my certificate authority issues private certificates using the same chain for all of their customers. Does this mean that a malicious actor who happens to be another one of their customers can easily perform an MiTM without a … Continue reading Are my internal systems susceptible to MitM if the root/chain is shared amongst all customers?
Right up front – I am aware of this question here.
But this is not about browsers, for now.
I checked the certificate with openssl, which tells me GTS Root R1 is the root ca.
Same result in Chrome and by utilizing openssl cli from my Windo… Continue reading Why can’t I find google’s Root CA in my trust store? [closed]
I’m using EST protocol for enrolling new certificates.
And I was thinking how I, as an application, should validate a certificate issued by that CA or EST server before storing and using it.
should I validate the signature of the returned… Continue reading Validate a newly issued certificate