Support for domain-specific root CAs in X.509 certificate format, OS and browsers

Chance is one gets an invalid certificate warning when one follows this link https://www.cnss.gov. As explained there (same warning) this is on purpose, and the solution is supposed to be to install1 extra root Certification Authority cert… Continue reading Support for domain-specific root CAs in X.509 certificate format, OS and browsers

eIDAS: EU’s internet reforms will undermine a decade of advances in online security

The European Union’s attempt to reform its electronic identification and trust services – a package of laws better known as eIDAS 2.0 – contains legislation that poses a grave threat to online privacy and security. An article buried deep in the draft t… Continue reading eIDAS: EU’s internet reforms will undermine a decade of advances in online security

Why are IT professionals not automating?

As an IT professional, you understand the value of automation, and like many IT experts, you may approach it with a mix of excitement and apprehension. Automation is a powerful tool for streamlining processes, reducing manual tasks, and enhancing effic… Continue reading Why are IT professionals not automating?

Can I rename a Java keystore file through Windows/Eclipse without having to regenerate it?

We’re rebranding our product and as a part of that we need to rename a keystore used by Java for secure XMLRPC connections between our components from OLDBRANDNAME_keystore to NEWBRANDNAME_keystore. Can we safely do this simply by renaming… Continue reading Can I rename a Java keystore file through Windows/Eclipse without having to regenerate it?

Local Machine certificate (certlm.msc) – choosing "Microsoft Software Key Storage Provider" on import [migrated]

When importing a device certificate/private key through CERTLM, the GUI seems to choose a deprecated Cryptography Service Provider (CSP) called "Microsoft Strong Cryptographic Provider"; I’m wondering if there is a way to change … Continue reading Local Machine certificate (certlm.msc) – choosing "Microsoft Software Key Storage Provider" on import [migrated]

How to feasibly digital sign high volume documents with CA issued digital certificate?

My organisation, say Acme, is building an e-signature platform where global businesses sign up and use the platform to send out e-signature requests. And when signers in a particular e-sign request sign the document, Acme must digitally si… Continue reading How to feasibly digital sign high volume documents with CA issued digital certificate?

What happens to the key pair once the CSR has been enrolled?

I have a key pair which I used to generate a CSR.
Once I enrolled that CSR PKCS10, I get from the PKI (or CA) a certificate signed with the PKI private key.
From here, I would like to know if my private key is useful in any way in regards … Continue reading What happens to the key pair once the CSR has been enrolled?

Is it fine if I share a .pfx self signed certificate generated inside my machine with other users to test and use PnPCore SDK

We want to develop some Azure functions which use PnPCore SDK. For testing purposes, I registered an Azure app which uses self-signed certificate for authentication.
Now I configured the Azure app registration to only access our SharePoint… Continue reading Is it fine if I share a .pfx self signed certificate generated inside my machine with other users to test and use PnPCore SDK

What happens at a low level when authenticating server certificates?

Regarding the TLS 1.3 Handshake Protocol:
When the Server sends it’s certificate, exactly how does the Client validate this?
I know at a high level the Client is verifying the data the Server sent matches what the Certificate Authority con… Continue reading What happens at a low level when authenticating server certificates?