Collaborate Disseminate
Below is the scenario I am demonstrating in LAB.
I have generated CSR on F5-LTM and provided it to CA (CA is my Windows server 2012)
With the help of OpenSSL on Windows server 2012 I generated public and private key pair and signed the C… Continue reading HTTPS not working [migrated]
I am developing Web Application for Certifying Authority as a part of which, I need to generate asymmetric key pair – Private Key and Public Key in user’s smartcard through browser, create Certificate Signing Request (CSR) and send CSR to … Continue reading Web Browser Certificate Enrollment (CSR Generation) and Certificate Download to Smartcard or USB Token
While looking for the best way to add multiple Subject Alternative Names (SAN) to a Certificate Signing Request (CSR), this namecheap article provided the following command:
openssl req -new -addext "subjectAltName = \
DNS:additionald… Continue reading What is the purpose of "certificatePolicies" in a CSR? How should an OID be used?
I have sensor devices with a configuration web interface. Each device has a unique serial number. The devices are deployed in various environments with private IP addresses such as 192.168.x.y or 10.x.y.z. Between different environments, t… Continue reading Sensor device web interface certificate
I would like to know how to use the -extensions parameter of openssl req command to generate a csr with basicConstraint=CA:False, Please not i do not want to use a ssl configuration file but to generate the csr with command line only witho… Continue reading openssl csr generation with basicConstraint=CA:False
Before I proceed to testing this myself I wanted some clarity. I have a basic understanding of SSH and Cryptography but not completely sure about this plan. I want to implement a key rotation policy by enforcing that end user keys are only… Continue reading When I provision (sign) keys to end-users, can I force the definition of certificate expiration (different from CA expiration)?
A vendor’s software is generating CSRs with no keyUsage or extendedKeyUsage set and in combination with this they contain commonNames that are not fully qualified domain names. If I submit them to Digicert as "Private SSL" certif… Continue reading CSR with no keyUsage or extendedKeyUsage specified and invalid DNS in CommonName – will anyone sign it?
When I run:
openssl genrsa -aes-256-gcm -out rootca.key 4096
Then I get the following output:
$ openssl genrsa -aes-256-gcm -out rootca.key 4096
Generating RSA private key, 8192 bit long modulus (2 primes)
…………………………….. Continue reading I am unable to use an RSA key generated with the -aes-256-gcm option in openssl, help
While increasing my communication security as much as possible, I came across OpenPGP & S/MIME and already use an OpenPGP key pair in both of my mail clients (PC & smartphone).
I believe the CSR must be generated based on a truely … Continue reading Create CSR for S/MIME certificate from existing OpenPGP key pair
I am developing an internal web application. I think it would be a good idea to secure the local web server with an https certificate. I read several postings recommending certificates on local servers. This is a large company with its own… Continue reading who should create a CSR, the developer or system management?