Collaborate Disseminate
Inspired by Is LetsEncrypt activity Public?
Say I’ve got a *.mycompany.com certificate from LetsEncrypt on my primary production server. I want to generate a certificate for my honeypot, which might obviously get stolen.
Can I use *.mycomp… Continue reading Can a wildcard certificate act as CA for subdomains? [duplicate]
I often use a random ingress eg. jhjhtdf76753.example.com, working away quietly developing code on this subdomain for months, never creating a public DNS entry for the subdomain.
The example.com domain points to our load balancer and nginx… Continue reading Is LetsEncrypt activity Public?
We received an email from Cloudflare about the upcoming Let’s Encrypt certificate chain change.
At some point, it states that "Additionally, this change only impacts RSA certificates. It does not impact ECDSA certificates issued throu… Continue reading ECDSA certificates not impacted by Let’s Encrypt certificate chain change?
I’ve got a mailserver and the hostname is mx.domain.com. Of course the server is configured to send emails to $mydomain and/or $myhostname.$mydomain in Postfix. Do I need to create the CSR/key for the FQDN or just the domain?
I am using Do… Continue reading SSL cert for mailserver, which domain? mail client refuses self-signed
Today I learned of the existence of crt.sh. I typed one of my domain names into the search box to find out what it returns. I found a lot of certificate entries for domains that I don’t recognize, and which appear spammy to me. Many of the… Continue reading crt.sh shows certificates for domains I don’t recognize
The ACME protocol defines the use of a replay nonce to prevent replay attacks.
I understand what replay attacks are and why it’s important to prevent them in certain scenarios. But I can’t think of a scenario where a replay attack would be… Continue reading Possible scenario for replay attack in acme protocol
I bought a domain on Namecheap a few weeks back and now that I want to set it up, I visited my domain on the web and discovered that it had a valid cert issued and was pointing to an unknown site. The cert was issued by Let’s Encrypt on De… Continue reading Can Namecheap get certificates issued for my domain without my knowledge?
I bought a domain on Namecheap a few weeks back and now that I want to set it up, I visited my domain on the web and discovered that it had a valid cert issued and was pointing to an unknown site. The cert was issued by Let’s Encrypt on De… Continue reading Can Namecheap get certificates issued for my domain without my knowledge?
We have a service running behind https and we are using SSL certificates from Let’s Encrypt. The problem is that one of our clients distrusts Let’s Encrypt CA and on certificate renewal it requires to us to send the newly generated certifi… Continue reading Reasons to distrust Let’s Encrypt certificates
Let’s say we have:
Publicly available HTTPS API (e.g. api.example.com). The web server that runs it uses a certificate from a publicly trusted CA (e.g. Let’s Encrypt) with both server auth and client auth usages.
A database using mutual T… Continue reading Is it a good idea to reuse certificate issued by public CA for internal database client authentication?