Collaborate Disseminate
The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm
Say that I have generated an RSA keypair, which I intend to publish only for use with RSA-KEM; I can see that this is provisioned for:
The intended application for the key MAY be indicated in the key usage certificate extension (see RFC 5… Continue reading Does self-signed encryption certificate violate "no multi-use keys" principle?
I need to create a certificate with:
subject.attribute1: 2.5.4.3 {Common Name} UTF8String
subject.attribute2: 2.5.4.92 {tagAFI} OCTET STRING
subject.attribute3: 0.9.2342.1920.0300.100.1.1 {userId} UTF8String
Anyone any idea on how to do t… Continue reading How do I create a certificate with subject containing Octet string?
To this date, is there a specification or a de-facto industry standard or how applications are supposed to perform certification path building in the context of X.509? I am specifically asking about the part of the certification path build… Continue reading Certification path building for 509 certificates
Both are binary files and both can store digital certificates and private keys.
Continue reading What’s the difference between DER and PKCS#12 formats? [closed]
I have an IoT device which is failing to establish a connection with the cloud. The problem is related to the device X509 certificate (to the best of my understanding). I’ve posted a version of this question in the general stackoverflow to… Continue reading How to resolve an issue with potential mismatch between device certificate and CA certificate?
Per the OpenSSL 3.1 documentation for the x509 subcommand, the -sigopt flag allows one to pass signing options. The documentation for that flag currently states:
-sigopt nm:v
Pass options to the signature algorithm during sign operations… Continue reading openssl x509 -sigopt algorithms and options list?
I’m learning how to test HTTPS locally and found that articles written before ca. 2019 (e.g., 1, 2, 3) contain only a few steps, whereas later posts (e.g., 4, 5, 6, 7, 8, 9) always make sure that v3 extensions are also configured.
Why is t… Continue reading Why is a v3 extension needed for a X.509 certificate to be used to test HTTPS on localhost?
I have several MongoDB’s where I use x.509 Certificates to Authenticate Clients
Let’s say I create certificate and user for admin:
subject: CN=admin
issuer: CN=MongoDB Issuing CA
-> db.createUser({user: "CN=admin"})
When I p… Continue reading Best practice of x.509 client certificates accross multiple systems
I’m exploring PKI and reached the following issue –
I’m generating root CA for an organization and intermediate CA per every user (unique).
But then it hit me that essentially any user (Alice) in the organization can "fake" a sit… Continue reading Limit the intermediate CA to be trusted only on one host