Questions tagged [certificates]
A piece of data used in public key cryptography (specifically public key infrastructures) that contains identifying information (e.g. an email address or web address), a hash of a public key, and a digital signature that authenticates the data in the certificate. For questions specifically about [x509], [certificate-authority], or [public-key-infrastructure], please use those tags.
2,879 questions
5 votes, 2 answers, 1k views
How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?
I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard SSL certificate through my DNS ...
0 votes, 1 answer, 48 views
Using mTLS for API access control and authentication
My question is about using mTLS for API access control and authentication.
I understand in mTLS, both the server and client (making the API request) will verify each other's identity. This allows the ...
1 vote, 0 answers, 26 views
A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider [migrated]
I noticed that some binaries on my machine were showing up as "Invalid Signature", and looking closer at one of them in particular (Microsoft's "widgets.exe") I noticed something ...
1 vote, 0 answers, 50 views
Can a certificate have multiple unrelated roots?
I need to install certificates on a server for a particular company. This company has two CA vendors. When renewing a certificate, it could be signed by either one. When I apply the certs to my server,...
2 votes, 0 answers, 83 views
EIDAS compliant advanced digital signature in company name
The company I work for is developing a digital signature application very similar to DocuSign, but we aim to make our signatures EIDAS compliant.
For the first version we aim to do the same thing ...
0 votes, 1 answer, 73 views
Export Burp certificate to Wireshark for inspection
I am trying to figure out if I can take the Burp Suite certificate and export it to Wireshark to be able to inspect the traffic going through it. My main goal here is to test a website I own to see ...
1 vote, 0 answers, 62 views
ECDSA certificates not impacted by Let’s Encrypt certificate chain change?
We received an email from Cloudflare about the upcoming Let’s Encrypt certificate chain change.
At some point, it states that "Additionally, this change only impacts RSA certificates. It does not ...
3 votes, 1 answer, 429 views
Multiple certificate chains on a single server for TLS
Is it possible for a single server to use two different certificate chains for TLS?
For instance, rootCA1, intermediateCert1, serverCert1, rootCA2, intermediateCert2, serverCert2.
If this is possible, ...
0 votes, 1 answer, 68 views
Using an application specific entity id in X.509 certificates
I'm generating self-signed X.509 certificates so I can use TLS in peer-to-peer applications. My problem is that the identifier of each peer is an arbitrary string of bytes derived from the public key, ...
0 votes, 0 answers, 72 views
Is this X509 Subject field, with no space between 'jurisdiction' and an RDN, correctly formatted?
I recently purchased a new EV certificate (having previously used an OV certificate) and have successfully used it to sign my files.
However I'm getting a lot of warnings from Microsoft Defender about ...
0 votes, 0 answers, 24 views
Making a safe certificates system for an actions API [duplicate]
I have been working on a certificate system for use (as a means of authentication) with my accounts system APIs. I am still thinking out the details, I have only watched a few videos on asymmetric ...
0 votes, 0 answers, 37 views
Types of certificate? [duplicate]
What types of certificates are there?
I was checking online and I found several different types, some at the level of the format of the certificate (x509, PEM, DER), and one at the application level (...
0 votes, 1 answer, 148 views
How to verify hostname of certificate? And is it mandatory if client knows the certificate?
I have a reported finding saying that hostname verification is disabled.
This can be deduced from this line of code:
final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
...
0 votes, 0 answers, 54 views
What is the security impact of disabling certificate check [duplicate]
I have this line of code in a client server project:
sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null);
A security guy pointed out that this is skipping the validation of the ...
0 votes, 0 answers, 26 views
Given the wide trust of Domain Validated certificates by browsers, is there any reason to get higher validation for Internet/public-facing websites? [duplicate]
Let's Encrypt has made Domain Validated certificates ubiquitous and trusted by mainstream browsers. Against this backdrop, is there any reason for an Internet and general public-facing https website to ...