How do I remove a certificate from (RedHat) Linux ca-trust? [migrated]

I installed a duplicate certificate for a CN in the ca-trust store of my RHEL8 systems. I added the PEM file to /etc/pki/ca-trust/source/anchors and ran update-ca-trust.
How can I remove the certificate(s) that update-ca-trust installed? I…

Is Digital Signature really necessary for an open system considered by FDA’s 21 CFR Part 11?

21 CFR Part 11’s Subpart B for Electronic Records has a section on ‘Controls for Open Systems’ stating that:

Persons who use open systems to create, modify, maintain, or transmit
electronic records shall employ procedures and control…

How to Capture Mobile API Requests in Burp when Server side pinning is implemented

I recently encountered a scenario where the mobile application generates a CSR request, calls a POST API request and, in response, asks the server for a certificate. The server will respond with the temporary certificate and the mobile application will use t…

multiple machines sync without single point of failure

I use various Linux machines where I like to sync some config and other important files. This is a security risk, as an intruder on one machine could easily modify some script that would be propagated to the other machines automatically.
T…

Is hashing a digital signature for quick (but incomplete) validation a known and/or acceptable practice?

Let’s say that there’s a known digital signature issued by a trusted CA.
Normally, digital signatures need to be evaluated: checked if they are expired, revoked, if there’s a problem in the chain of trust. However, if these aspects are a g…

Web Browser and server using ECDHE_RSA cypher suite, then what is the use of X.509 certificate public key for?

User Crover has given a very great explanation for this question:
RSA or ECDHE for x.509 certificates-what does each do?
I have one question to Crover and/or any other member.
What I understand from Crover’s answer, if client (a Web Br…

cryptography – BitBox02 firmware signed & public key attached to firmware image for verification

Bootloader of the BitBox02 crypto wallet verifies the main application with the public keys that are attached to the firmware update itself. Next to that, there are signatures of the public keys, signed by the company’s private key.

Devic…