What is default_crl_days in OpenSSL and recommended days?

I’m new and I’m trying to understand default_crl_days. The default is 30 days, so does it mean that after 30 days the CRL list can no longer be trusted? If so, do we need to generate a new list before the 30 days are up?
And what would be the reco…

What are the disadvantages of not using the intermediate and root files while uploading an SSL certificate to nginx?

I was installing an SSL certificate on an nginx server.
We were given 4 files. I could not note what was contained in those files, but I vaguely remember their names.

root.txt
intermediate.txt
private.txt
certificate.txt

But I used only private.txt…

Could a trusted CA pretend to be me and run a MITM? [duplicate]

Sorry for the basic question, I’m still wrapping my head around the ins and outs of SSL and asymmetric encryption. In order to better test my understanding, I was considering the following thought experiment:
Given a CA is responsible for …

What value is there in separating outbound vs. inbound credential usage in a TLS API?

OpenSSL defines an SSL_CTX struct which can be charged with (client or server) identities. If you pass it to SSL_connect, you’re a client; if you pass it to SSL_accept, you’re a server.
With SSPI/SChannel on Windows it appears that you’re …