Collaborate Disseminate
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a certificate authority auto-generated/ca.* and… Continue reading Criteria for Common Name of Certificate Authority and how it affects SSL certificates
Let’s say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one RaspberryPi that hosts PHP based REST API and one RaspberryPi that has temperature sensor that relays data to a self-hosted bash script w… Continue reading Creating SSL certificates that can work on any local area network?
I’ve been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I’ll start by explaining my use case: I have customers that … Continue reading Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?
I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -debug </dev/null 2>&1|tee out
The EU eIDAS Dashboard serves as a repository for trusted "trust providers" in accordance with the eIDAS regulation. The provider’s certificates are listed within the dashboard.
You can find an example here.
To retrieve the certi… Continue reading Help identify the tool generating certificate displays on the EU eIDAS Dashboard
I have been assigned an application that is a few years old now, written by people who are no longer at the company. There is little-to-no documentation on processes or code.
It signs firmware for a System to accept, while digging through … Continue reading OpenSSL CMS Sign and Verify
I have an issue where I have an iOS app which is pinned to a root certificate of GlobalSign which is due to expire early February. This is their G2 root AlphaSSL cert.
We currently have a site certificate coming off of it which is due to e… Continue reading G4 cert using G2 intermediary cert
If I have a system where I have 100% control over the client operating system and the server operating system, is there any use case for enabling more than one cipher suite (or any of the options that something like openssl will let you co… Continue reading If I control both sides of a connection, is there any reason to support alternate cipher suites?
key1.pem looks like this:
—–BEGIN PRIVATE KEY—–
encoded data
—–END PRIVATE KEY—–
key2.pem looks like this:
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,28B2F38A64661706B0BC08CE244D8CA8
encoded … Continue reading What is the difference of these two key files? [closed]
I need to protect a private RSA key using a passphrase but using AES-GCM for the actual encryption.
This is normally done using various a combination of openSSL library calls. However, I now need to support using AES-GCM instead of AES-CBC… Continue reading Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)