Collaborate Disseminate
I have been assigned an application that is a few years old now, written by people who are no longer at the company. There is little-to-no documentation on processes or code.
It signs firmware for a System to accept, while digging through … Continue reading OpenSSL CMS Sign and Verify
I have an issue where I have an iOS app which is pinned to a root certificate of GlobalSign which is due to expire early February. This is their G2 root AlphaSSL cert.
We currently have a site certificate coming off of it which is due to e… Continue reading G4 cert using G2 intermediary cert
If I have a system where I have 100% control over the client operating system and the server operating system, is there any use case for enabling more than one cipher suite (or any of the options that something like openssl will let you co… Continue reading If I control both sides of a connection, is there any reason to support alternate cipher suites?
key1.pem looks like this:
—–BEGIN PRIVATE KEY—–
encoded data
—–END PRIVATE KEY—–
key2.pem looks like this:
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,28B2F38A64661706B0BC08CE244D8CA8
encoded … Continue reading What is the difference of these two key files? [closed]
I need to protect a private RSA key using a passphrase but using AES-GCM for the actual encryption.
This is normally done using various a combination of openSSL library calls. However, I now need to support using AES-GCM instead of AES-CBC… Continue reading Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)
NET::ERR_CERT_COMMON_NAME_INVALID
This is the error that we’re getting.
And it also says that "adguard has blocked access to this page".
What’s the solution to this?
Would ssl pinning fix this issue of very few clients getting s… Continue reading NET::ERR_CERT_COMMON_NAME_INVALID adguard [closed]
OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. Major changes in OpenSSL 3.2.0 This release incorporates the following potentially significant or incompa… Continue reading OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more!
Regarding the TLS 1.3 Handshake Protocol:
When the Server sends it’s certificate, exactly how does the Client validate this?
I know at a high level the Client is verifying the data the Server sent matches what the Certificate Authority con… Continue reading What happens at a low level when authenticating server certificates?
(Disclaimer: Checked all the openssl related topics, no success).
OpenSSL version: OpenSSL 1.1.1s 1 Nov 2022
I’m trying to generate the chain of certificates, root -> intermediate -> user1,user2,user4 but OpenSSL complains in the ve… Continue reading openssl: Not able to verify 3rd in the chain with self-signed certificate [duplicate]
I’m trying to create a Kubernetes service that uses TLS (in order to be called from an admissionWebhook). Unfortunately, the service calls fails with the following error message:
certificate relies on legacy Common Name field, use SANs in… Continue reading certificate relies on legacy Common Name field, use SANs instead