Why should I go to SHA512withRSA signature for my Android apps?

I have an Android 11 device and many of my apps and system apps use MD5withRSA or SHA1withRSA as signature algorithm by default.
Why should I take my apps SHA256withRSA or SHA512withRSA? Are there any advantages, if so what are they? Are t… Continue reading Why should I go to SHA512withRSA signature for my Android apps?

TLS and self-signed certs. Is hostname verification necessary if client-supplied CA is the same as server leaf cert?

TLS client implementations will tend to try and do hostname verification by default for remote TLS endpoints (servers). The client connects to the server, and as part of the negotiation the certificate chain is checked (valid, signed by a … Continue reading TLS and self-signed certs. Is hostname verification necessary if client-supplied CA is the same as server leaf cert?

Provide TLS keystore with self-signed cert for localhost with the application – good idea?

My company provides an integration component, along with a huge web application that is used in intranet scenarios from Citrix terminal servers. This integration component — let’s call it CS — is implemented in Java and is launched in the … Continue reading Provide TLS keystore with self-signed cert for localhost with the application – good idea?

HTTPS IP devices and certificate best practices, why can’t I sign a certificate for my local ip device?

I have a IPv4 network behind a pfSense firewall at my small business. We have around 200 IP devices on the network. We have about 30 Axis IP cameras which have MJPG streams embedded into webpages as img tags. The webserver is internal and … Continue reading HTTPS IP devices and certificate best practices, why can’t I sign a certificate for my local ip device?