Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?

I’ve been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I’ll start by explaining my use case: I have customers that … Continue reading Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?

Is it a security risk to put MAC-adresses in a TLS certifcate common name? [closed]

I am working on a project where I am port scanning the full IPv4 address space globally and analysing the banner behind the hosts (services, software versions etc.). For some hosts I found TLS certificates that have MAC addresses in the co… Continue reading Is it a security risk to put MAC-adresses in a TLS certifcate common name? [closed]

Does EAP TLS benefit from “Verify the server’s identity by validating the certificate” setting

For PEAP it’s important to enable the "Verify the server’s identity by validating the certificate" setting in a Windows WiFi profile. Is there any benefit enabling this for EAP TLS? If I understood correctly, EAP TLS itself uses … Continue reading Does EAP TLS benefit from “Verify the server’s identity by validating the certificate” setting

How does the SSL/TLS protocol determine if a certificate is expired or not?

I already tried googling but no luck. All search results always tell you how to check cert expiration manually, but that is not my question. Yes I can use OpenSSL for example, but what I am asking is how the SSL/TLS protocol does it, not h… Continue reading How does the SSL/TLS protocol determine if a certificate is expired or not?

Why openssl verify does not work for the certificate chain of a correctly configured site?

I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -debug </dev/null 2>&1|tee out

Th… Continue reading Why openssl verify does not work for the certificate chain of a correctly configured site?

SSL Certificates signed by our CA show as invalid in browser

We’re experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.
The error is NET::ERR_CERT_INVALID (Tested in Edge and Chrome). IE shows Mismatched Add… Continue reading SSL Certificates signed by our CA show as invalid in browser