Collaborate Disseminate
I want to deploy X.509 certificates onto a Yubikey into the certificate slots
9a: PIV Authentication
9c: Digital Signature
9d: Key Management
9e: Card Authentication
(see Yubico: PIV Introduction – Certificate Slots) according to the PIV… Continue reading Key Usage and Extended Key Usage for X.509 Certificares on Yubikey
I’m generating self-signed X.509 certificates so I can use TLS in peer-to-peer applications. My problem is that the identifier of each peer is an arbitrary string of bytes derived from the public key, so I’m not sure where would I fit such… Continue reading Using an application specific entity id in X.509 certificates
I recently purchased a new EV certificate (having previously used an OV certificate) and have successfully used it to sign my files.
However I’m getting a lot of warnings from Microsoft Defender about low trust levels on the file and the u… Continue reading Is this X509 Subject field, with no space between ‘jurisdiction’ and an RDN, correctly formatted?
What types of certificates are there?
I was checking online and I found several different types, some at the level of the format of the certificate (x509, PEM, DER), and one at the application level (TLS/SSL, SSH, PGP).
Can someone please … Continue reading Types of certificate? [duplicate]
I have a reported finding saying that hostname verification is disabled.
This can be deduced from this line of code:
final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setSSLContext(sslContext).se… Continue reading How to verify hostname of certificate? and Is it mandatory if client knows the certificate?
I have this line of code in a client server project:
sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null);
A security guy pointed out that this is skipping the validation of the certificate, but I don’t understand the se… Continue reading What is the security impact of disabling certificate check [duplicate]
Let’s say we produce IoT devices and want them to access AWS IoT Core.
The best solution is something like: every device has a (unique) private key and a public X.509 certificate signed by a valid Certification Authority.
This way, the dev… Continue reading AWS IoT – Use a temporary certificate created at build time to authenticate a device for self-enrolment
The RFC – 7030 section 4.2.2, EST protocol, suggests to use the Change Subject Name attribute when the client would like to use a different subject for the new issued certificate during reenrollment.
There are two things
I can’t use the O… Continue reading How to include ChangeSubjectName in CSR?
Can I convert a PGP key to X.509, using OpenSSL or GNUPG?
Aren’t these only container/wrapper formats?
I just started using a Yubikey 5. I’ve set up GPG according to this excellent guide, and now I have 3 working ECC key pairs on my Yubikey: Sign/S :: ed25519, Encrypt/E :: cv25519, Authentication/A :: ed25519.
Now I want to use my Yubikey t… Continue reading Certify using Yubikey