Is it common practice that vendors put own root certificates on customer devices?

At work, we are deploying a new VoIP solution, and as part of that, we are supposed to install a custom root certificate on our computers and mobile devices. The manufacturer of that VoIP solution has the private key to that. The certif…

3 ways to achieve crypto agility in a post-quantum world

Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certi…

AnyDesk has been hacked, users urged to change passwords

AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised. The statement was published on Frida…

"Your connection is not private" error on a locally published application [closed]

I am facing an issue where some (not all) Windows 10 machines receive a CERT_AUTHORITY_INVALID error when they are trying to open an internal application:

When I observed on the firewall it was directing clients towards a blocked IP. I re…

Other benefits of creating my certificate authority aside from the Firefox issue and centralized management of certificates?

I’ve been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I’ll start by explaining my use case: I have customers that …

Is it a security risk to put MAC addresses in a TLS certificate common name? [closed]

I am working on a project where I am port scanning the full IPv4 address space globally and analysing the banner behind the hosts (services, software versions etc.). For some hosts I found TLS certificates that have MAC addresses in the co…

Does EAP TLS benefit from “Verify the server’s identity by validating the certificate” setting

For PEAP it’s important to enable the "Verify the server’s identity by validating the certificate" setting in a Windows WiFi profile. Is there any benefit enabling this for EAP TLS? If I understood correctly, EAP TLS itself uses …

How does the SSL/TLS protocol determine if a certificate is expired or not?

I already tried googling but no luck. All search results always tell you how to check cert expiration manually, but that is not my question. Yes I can use OpenSSL for example, but what I am asking is how the SSL/TLS protocol does it, not h…