How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

I would like to know how I can test if my devices, or browsers checks and applies DNS Certification Authority Authorization (CAA) correctly. And if it does not, how I can enable it and enforce CAA to be checked and rejected or at least wa…

Other benefits of creating my certificate authority aside from the Firefox issue and centralized management of certificates?

I’ve been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I’ll start by explaining my use case: I have customers that …

Web Browser and server using ECDHE_RSA cipher suite, then what is the use of X.509 certificate public key for?

User Crover has given a very great explanation for this question:
RSA or ECDHE for x.509 certificates-what does each do?
I have one question to Crover and/or any other member.
What I understand from the Crover’s answer, if client (a Web Br…

Why can’t we encrypt twice instead of having Cloudflare MITM half the internet?

First of all I want to address a thought I had which is that they might market their ability to read the encrypted code being sent so they can spot "bots" and such, and that this is why they need to be able to decrypt the communi…

Insecure Implementation of SSL. Trusting all the certificates or accepting self signed certificates is a critical Security Hole [closed]

Insecure Implementation of SSL. Trusting all the certificates or accepting self-signed certificates is a critical Security Hole. This application is vulnerable to MITM attacks.
How to resolve this in an Android project?


Is it a security risk to put MAC addresses in a TLS certificate common name? [closed]

I am working on a project where I am port scanning the full IPv4 address space globally and analysing the banner behind the hosts (services, software versions etc.). For some hosts I found TLS certificates that have MAC addresses in the co…