Collaborate Disseminate
I’ve noted that SHA256 of CSRs for RSA keys, generated as
openssl req -new -config leaf.conf -key rsa.key rsa.csr
are always the same, given the same key and configuration. In the same time, every time I regenerate CSR for ECC (P-384) key,… Continue reading Are ECC CSR always different and if yes, why? [closed]
The RFC – 7030 section 4.2.2, EST protocol, suggests to use the Change Subject Name attribute when the client would like to use a different subject for the new issued certificate during reenrollment.
There are two things
I can’t use the O… Continue reading How to include ChangeSubjectName in CSR?
I am working on a project where I am port scanning the full IPv4 address space globally and analysing the banner behind the hosts (services, software versions etc.). For some hosts I found TLS certificates that have MAC addresses in the co… Continue reading Is it a security risk to put MAC-adresses in a TLS certifcate common name? [closed]
TLS unique value is present in TLS 1.2 version.
In Golang, I can get the value of the TLS unique value from the http response through the field TLS.
I’d like know how I can get it from Apache.
Is there an environment variable that already … Continue reading How to retrieve TLS unique value from Apache?
I’m using a GlobalSign EST Go library that provides an implementation of the RFC 7030 (EST).
So far doesn’t provide any function to generate a CSR at runtime and therefore include the TLS-unique value in the CSR before enrolment.
I might u… Continue reading How to include TLS-unique value in CSR?
I have a key pair which I used to generate a CSR.
Once I enrolled that CSR PKCS10, I get from the PKI (or CA) a certificate signed with the PKI private key.
From here, I would like to know if my private key is useful in any way in regards … Continue reading What happens to the key pair once the CSR has been enrolled?
From this question, it is said that when creating a CSR, we attach the public key and fill in other data.
When creating a CSR, you attach your public key to it and fill in other needed data; you then send it to a Certificate Authority (CA… Continue reading Is a Certificate Signing Request a concatenation of public key and metadata?
I’ve been reading about WebAuthn and try to write some code to exercise.
One thing I noticed is that the spec doesn’t seem to provide any way to verify the correctness of the public-key being create()’d other than through attestation. And … Continue reading WebAuthn does not guarantee public-key integrity other than trough attestation?
I would like to generate a Certificate Signing Request (CSR) and add additional custom information in it.
The standard CSR fields are common name, country, organization, organizational unit, etc.
Is there a field like "note" or s… Continue reading How to add additional information to Certificate Signing Request (CSR)?
I was wondering if there are papers or well-known algorithms to automate the validation of a Certificate Signing Request (CSR).
Suppose I have a group of trusted services where I expose a "CA service" to dispatch the certificates… Continue reading Automatic Certificate Signing Request (CSR) Validation