Questions tagged [certificate-authority]
A Certificate Authority is the collection of hardware, software, and people responsible for issuing certificates in a hierarchical PKI. CAs may be public, as in SSL / TLS and government IDs, or private, as in corporate infrastructures. The primary responsibility of a public CA is to verify the identity of an applicant before issuing them a certificate.
1,311 questions
2 votes
2 answers
731 views
Security of certificates issued by an internal CA
For local development of our website example.com, we want to set up a test environment with https enabled, hence we need some form of SSL certificates. Are self-issued certificates the way to go? Options ...
0 votes
1 answer
72 views
How is RabbitMQ's certificate authentication secure if it uses PKI?
According to the RabbitMQ documentation, any certificate issued by a CA that is in RabbitMQ's certification bundle will be trusted. Therefore, how can this type of authentication be secure if a CA — e....
0 votes
0 answers
73 views
How to apply code signing
I have a client-server on prem application. If I want to provide code signing, what are the files that should be signed (exe or jar or cmd or ...) ? Also should both files on server and on client be ...
4 votes
1 answer
842 views
Intercepting HTTPS traffic with a trusted root cert and packet capture from the WiFi AP
I have an application in Android (version 6, so quite old) whose communication I want to monitor. I have installed my own root certificate in the user store and Android warns me correctly that data ...
2 votes
0 answers
88 views
Lists of blocked certificates on various platforms
This webpage by Apple appears to list the certificates that their products automatically treat as untrusted by default. Are there similar resources for other platforms and/or browsers? On this site, ...
14 votes
3 answers
3k views
Should expired (root) certificates be deleted from the certificate store?
I noticed that on Windows systems many expired certificates are listed in the certificate store certmgr. Should they be deleted when expired and if so why or why not? If they should be deleted why isn'...
4 votes
2 answers
556 views
When to use a CRL distribution point in a root certificate?
I understand that each certificate can have a CRL distribution point (extension 2.5.29.31) – or even multiple ones, but let's not consider that for the moment. Let's assume we have a root CA > ...
1 vote
0 answers
99 views
Simple certified time format
I have an application where a device needs a signed message "UTC date&time at time of signature", signed by an authority that it trusts. This is simpler than an RFC 3161 timestamp, which ...
1 vote
0 answers
50 views
Where can I get a list of trusted certificate authorities? [duplicate]
Background (Disclaimer: I know very little on this whole topic) Let's Encrypt has recently dropped some Certificate Authorities (the TLSv1.0?), which is an issue for Android 4 devices, since now they ...
12 votes
3 answers
2k views
Is it common practice to remove trusted certificate authorities (CA) located in untrusted countries?
With all currently ongoing global conflicts in the world, I was thinking about removing default trusted certificate authorities root certificates that are from countries that are (no longer) ...
1 vote
0 answers
100 views
Intermediate issuer field didn't match its CA subject field
While debugging yesterday's Cloudflare incident, I found out their intermediate certificate issuer field differs from its signing CA subject, despite the AKI/SKI being correct. Here's the relevant CA ...
0 votes
0 answers
66 views
Create a certificate for a PGP key pair [duplicate]
I have to generate a PGP keypair and share the public key with an external provider. Based on how we already handle it with RSA keypair, we are using the concept of trusted CA which issues certificate ...
1 vote
0 answers
175 views
Should I house my organization's root CA certificate in public github repository?
We have a public repository of a software that uses Docker container. Anything that runs within the organization sees certificates signed by our org's root CA. For the container to run properly ...
0 votes
1 answer
112 views
Can a wildcard certificate act as CA for subdomains? [duplicate]
Inspired by Is LetsEncrypt activity Public? Say I've got a *.mycompany.com certificate from LetsEncrypt on my primary production server. I want to generate a certificate for my honeypot, which might ...
2 votes
1 answer
171 views
practical applications and revoked intermediate/issuing CAs
My mind has been blown by my learning the last few days...it seems that browser handling of CA CRLs and OCSP checking has so much variation present. I'm experimenting with my own root CA, with ...