Openssl command to verify authenticity of CA Issuer? And the "magic" behind it? [duplicate]

I am not confident in my understanding of Certificate Authority and signing certificates. I’m wondering how you verify the authenticity of an issuer when inspecting an entity certificate.
Here’s the scenario that I am using to improve …

"Your connection is not private" error on a locally published application [closed]

I am facing an issue where some (not all) Windows 10 machines receive a CERT_AUTHORITY_INVALID error when they are trying to open an internal application:

When I observed on the firewall it was directing clients towards a blocked IP. I re…

Real Time Decryption of TLS 1.3 packets [closed]

I am attempting to perform real time decryption of TLS 1.3 packets (TLS_AES_256_GCM_SHA384). I have retrieved the mastersecrets for the specific flow by using uprobes on OpenSSL, and matched the mastersecrets to the flow using ClientRandom…

How is issuing a certificate revocation response different from re-issuing the certificate itself?

I am reading about how certificates work in the context of X.509, SSL/TLS/HTTPS. According to Wikipedia, the client (e.g. a browser) is supposed to check the revocation status for each non-root certificate as a part of certification path v…

Criteria for Common Name of Certificate Authority and how it affects SSL certificates

It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a certificate authority auto-generated/ca.* and…

How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

I would like to know how I can test if my devices, or browsers, check and apply DNS Certification Authority Authorization (CAA) correctly. And if they do not, how I can enable it and enforce CAA to be checked and rejected or at least wa…