openssl: Not able to verify 3rd in the chain with self-signed certificate [duplicate]

(Disclaimer: Checked all the openssl related topics, no success).
OpenSSL version: OpenSSL 1.1.1s 1 Nov 2022
I’m trying to generate the chain of certificates, root -> intermediate -> user1,user2,user4 but OpenSSL complains in the ve…

How to restore Microsoft root certificates after moving them to untrusted list? [migrated]

I have been experimenting with security options on my Windows 10 and moved all Microsoft root certificates from trusted into untrusted position. Not sure if that was the problem but my admin privilege is lost. I am still logged in as an …

Why Can’t I See Server Certificates in TLS Handshake Public Websites [closed]

I am trying to see HTTPS traffic in wireshark from my local machine to public sites, just to see how the TLS handshake is made.

Why can’t I see the traffic as HTTP2 in filters and only able to see TLS traffic to port 443 and back to my ma…

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate:

The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.

However, jabber.ru found no expired certificates on the server, as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.

The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service…

Do code signing certificates build reputation only for Microsoft, and is reputation maintained across releases?

I have a Windows executable file that has been code signed with a certificate from a Certificate Authority. The CA is listed in the official Microsoft Trusted Root Program list of participants. The level of my cert is Open Source, which is…

Is it possible to get an SSL certificate with a Subject Alternate Name of a different website?

If this is possible, what is stopping a malicious file from adding an entry to \etc\hosts that points example.com to a phishing clone of a website?
Usually, the browser warns you that the common name on the certs does not match up, but if …