What are the disadvantage of not using intermediate and root file while uploading ssl certificate to nginx?

I was installing ssl certificate in nginx server.
We were given 4 files. I could not note what contained in those files, but I vaguely remember their name.

root.txt
intermediate.txt
private.txt
certificate.txt

But I used only private.txt… Continue reading What are the disadvantage of not using intermediate and root file while uploading ssl certificate to nginx?

Why is a v3 extension needed for a X.509 certificate to be used to test HTTPS on localhost?

I’m learning how to test HTTPS locally and found that articles written before ca. 2019 (e.g., 1, 2, 3) contain only a few steps, whereas later posts (e.g., 4, 5, 6, 7, 8, 9) always make sure that v3 extensions are also configured.
Why is t… Continue reading Why is a v3 extension needed for a X.509 certificate to be used to test HTTPS on localhost?

How underlying protocol, like TLS, determines which TCP payloads should be combined to form a complete PDU? [closed]

I understand that the TCP itself provides a byte stream connection, but has no idea nor does it care what its payload is and how it is segmented to fit into individual packets that travel on the wire.
Observing the process in Wireshark, I … Continue reading How underlying protocol, like TLS, determines which TCP payloads should be combined to form a complete PDU? [closed]

Could a trusted CA pretend to be me and run a MITM? [duplicate]

Sorry for the basic question, I’m still wrapping my head around the ins and outs of SSL and asymmetric encryption. In order to better test my understanding, I was considering the following thought experiment:
Given a CA is responsible for … Continue reading Could a trusted CA pretend to be me and run a MITM? [duplicate]

Where would an HTTPS request fail if the domain erroneously resolves to the wrong IP address? [duplicate]

I just learned that, for whatever reason, domain names can get resolved to the wrong IP address, therefore requests can hit the wrong servers. (Just some examples of erroneous domain resolutions from Server Fault: 1, 2, 3.)
Now, if this sc… Continue reading Where would an HTTPS request fail if the domain erroneously resolves to the wrong IP address? [duplicate]

Posted in TLS

Is setting up a CA server necessary when all I want is to test HTTPS for a web project on localhost?

This freeCodeCamp article recommends

setting up a CA server,
installing the CA root certificate file into the system’s trust store, and
generating a leaf certificate for the project’s web server.

Based on my understanding of the TLS hand… Continue reading Is setting up a CA server necessary when all I want is to test HTTPS for a web project on localhost?

PCI-DSS Compliance: SSL Tunneling Credit Card Information Through A HTTPS Mobile/Residential Proxy Service to A Destination Service

If a PCI compliant service decides to SSL-Tunnel credit card information via an independent residential/mobile proxy service to a destination payment service, would this protocol still be PCI compliant?
Since the credit card information is… Continue reading PCI-DSS Compliance: SSL Tunneling Credit Card Information Through A HTTPS Mobile/Residential Proxy Service to A Destination Service