Collaborate Disseminate
What types of certificates are there?
I was checking online and I found several different types, some at the level of the format of the certificate (x509, PEM, DER), and one at the application level (TLS/SSL, SSH, PGP).
Can someone please … Continue reading Types of certificate? [duplicate]
I have a reported finding saying that hostname verification is disabled.
This can be deduced from this line of code:
final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setSSLContext(sslContext).se… Continue reading How to verify hostname of certificate? and Is it mandatory if client knows the certificate?
I have this line of code in a client server project:
sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null);
A security guy pointed out that this is skipping the validation of the certificate, but I don’t understand the se… Continue reading What is the security impact of disabling certificate check [duplicate]
Let’s say we produce IoT devices and want them to access AWS IoT Core.
The best solution is something like: every device has a (unique) private key and a public X.509 certificate signed by a valid Certification Authority.
This way, the dev… Continue reading AWS IoT – Use a temporary certificate created at build time to authenticate a device for self-enrolment
The RFC – 7030 section 4.2.2, EST protocol, suggests to use the Change Subject Name attribute when the client would like to use a different subject for the new issued certificate during reenrollment.
There are two things
I can’t use the O… Continue reading How to include ChangeSubjectName in CSR?
Can I convert a PGP key to X.509, using OpenSSL or GNUPG?
Aren’t these only container/wrapper formats?
I just started using a Yubikey 5. I’ve set up GPG according to this excellent guide, and now I have 3 working ECC key pairs on my Yubikey: Sign/S :: ed25519, Encrypt/E :: cv25519, Authentication/A :: ed25519.
Now I want to use my Yubikey t… Continue reading Certify using Yubikey
I would like to know how are X.509 certificates revoked.
That is: Say I have an X509 certificate, and I want it to be revoked for whatever reason (e.g., compromise). How do I reach out to the CA? What information do I need to provide? How … Continue reading How are X.509 certificate revoked?
User Crover has given a very great explanation for this question:
RSA or ECDHE for x.509 certificates-what does each do?
I have one question to Crover and/or any other member.
What I understand from the Crover’s answer, if client (a Web Br… Continue reading Web Browser and server using ECDHE_RSA cypher suite, then what is the use of X.509 certificate public key for?
The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm