Questions tagged [certificate-authority]
A Certificate Authority is the collection of hardware, software, and people responsible for issuing certificates in a hierarchical PKI. CAs may be public, as in SSL / TLS and government IDs, or private, as in corporate infrastructures. The primary responsibility of a public CA is to verify the identity of an applicant before issuing them a certificate.
1,311 questions
2 votes, 2 answers, 731 views
Security of certificates issued by an internal CA
For local development of our website example.com, we want to set up a test environment with HTTPS enabled, hence we need some form of SSL certificates.
Are self-issued certificates the way to go? Options ...
0 votes, 1 answer, 72 views
How is RabbitMQ's certificate authentication secure if it uses PKI?
According to the RabbitMQ documentation, any certificate issued by a CA that is in RabbitMQ's certification bundle will be trusted. Therefore, how can this type of authentication be secure if a CA — e....
0 votes, 0 answers, 73 views
How to apply code signing
I have a client-server on-prem application.
If I want to provide code signing, what are the files that should be signed (exe or jar or cmd or ...)?
Also should both files on server and on client be ...
4 votes, 1 answer, 846 views
Intercepting HTTPS traffic with a trusted root cert and packet capture from the WiFi AP
I have an application in Android (version 6, so quite old) whose communication I want to monitor. I have installed my own root certificate in the user store and Android warns me correctly that data ...
2 votes, 0 answers, 89 views
Lists of blocked certificates on various platforms
This webpage by Apple appears to list the certificates that their products automatically treat as untrusted by default. Are there similar resources for other platforms and/or browsers?
On this site, ...
14 votes, 3 answers, 3k views
Should expired (root) certificates be deleted from the certificate store?
I noticed that on Windows systems many expired certificates are listed in the certificate store certmgr. Should they be deleted when expired and if so why or why not?
If they should be deleted why isn'...
4 votes, 2 answers, 557 views
When to use a CRL distribution point in a root certificate?
I understand that each certificate can have a CRL distribution point (extension 2.5.29.31) – or even multiple ones, but let's not consider that for the moment. Let's assume we have a root CA > ...
1 vote, 0 answers, 99 views
Simple certified time format
I have an application where a device needs a signed message "UTC date&time at time of signature", signed by an authority that it trusts. This is simpler than an RFC 3161 timestamp, which ...
1 vote, 0 answers, 50 views
Where can I get a list of trusted certificate authorities? [duplicate]
Background
(Disclaimer: I know very little on this whole topic)
Let's Encrypt has recently dropped some Certificate Authorities (the TLSv1.0?), which is an issue for Android 4 devices, since now they ...
12 votes, 3 answers, 2k views
Is it common practice to remove trusted certificate authorities (CA) located in untrusted countries?
With all currently ongoing global conflicts in the world, I was thinking about removing default trusted certificate authorities root certificates that are from countries that are (no longer) ...
1 vote, 0 answers, 100 views
Intermediate issuer field didn't match its CA subject field
While debugging yesterday's Cloudflare incident, I found out their intermediate certificate's issuer field differs from its signing CA's subject, even though the AKI/SKI were correct.
Here's the relevant CA ...
0 votes, 0 answers, 66 views
Create a certificate for a PGP key pair [duplicate]
I have to generate a PGP keypair and share the public key with an external provider. Based on how we already handle it with RSA keypair, we are using the concept of trusted CA which issues certificate ...
1 vote, 0 answers, 177 views
Should I house my organization's root CA certificate in a public GitHub repository?
We have a public repository of software that uses a Docker container. Anything that runs within the organization sees certificates signed by our org's root CA. For the container to run properly ...
0 votes, 1 answer, 112 views
Can a wildcard certificate act as CA for subdomains? [duplicate]
Inspired by Is LetsEncrypt activity Public?
Say I've got a *.mycompany.com certificate from LetsEncrypt on my primary production server. I want to generate a certificate for my honeypot, which might ...
2 votes, 1 answer, 171 views
practical applications and revoked intermediate/issuing CAs
My mind has been blown by my learning the last few days...it seems that browser handling of CA CRLs and OCSP checking has so much variation present. I'm experimenting with my own root CA, with ...