Questions tagged [certificates]
A piece of data used in public key cryptography (specifically public key infrastructures) that contains identifying information (i.e. email address or web address), a hash of a public key, and a digital signature that authenticates the data in the certificate. For questions specifically about [x509], [certificate-authority], or [public-key-infrastructure], please use those tags.
2,901 questions
2 votes
1 answer
122 views
Extract CRT and KEY from signed PEM file without the openssl tool
Is there any way to extract a private key from a PEM file without the openssl tool on Windows? Windows MMC won't do the trick as I cannot export to PKCS#12 due to my work laptop security restrictions ...
3 votes
2 answers
860 views
Hiding information in the SAN field of a certificate
I was doing an Nmap scan on the public network of the company that I work for. Using the script "-sC" I noticed that the scan showed the certificate, and in particular the SAN section. In ...
3 votes
1 answer
1k views
Can a public certificate provider impersonate an AD?
I do not know much about how MS Windows interprets client certificates but I was faced with a statement I have a hard time integrating. The context: organization EXAMPLE has an Active Directory and an ...
0 votes
1 answer
72 views
How is RabbitMQ's certificate authentication secure if it uses PKI?
According to the RabbitMQ documentation, any certificate issued by a CA that is in RabbitMQ's certification bundle will be trusted. Therefore, how can this type of authentication be secure if a CA — e....
3 votes
4 answers
2k views
HTTP 2 not possible without certificate? [closed]
It appears that HTTP/2 requires TLS. Which is fine, but why are certificates mandatory? From what I know you can have TLS without certificates. Certificates just add an extra layer of security. How ...
1 vote
0 answers
90 views
Unsigned iOS configuration profile risks
I would like to install some fonts from my Mac onto my iPad. I’ve created a configuration profile with Configurator 2 to achieve this. I am not currently enrolled in the Developer program so I cannot ...
0 votes
0 answers
73 views
How to apply code signing
I have a client-server on-prem application. If I want to provide code signing, what are the files that should be signed (exe or jar or cmd or ...)? Also, should both files on server and on client be ...
2 votes
0 answers
88 views
Lists of blocked certificates on various platforms
This webpage by Apple appears to list the certificates that their products automatically treat as untrusted by default. Are there similar resources for other platforms and/or browsers? On this site, ...
14 votes
3 answers
3k views
Should expired (root) certificates be deleted from the certificate store?
I noticed that on Windows systems many expired certificates are listed in the certificate store certmgr. Should they be deleted when expired and if so why or why not? If they should be deleted why isn'...
1 vote
0 answers
99 views
Simple certified time format
I have an application where a device needs a signed message "UTC date&time at time of signature", signed by an authority that it trusts. This is simpler than an RFC 3161 timestamp, which ...
12 votes
3 answers
2k views
Is it common practice to remove trusted certificate authorities (CA) located in untrusted countries?
With all currently ongoing global conflicts in the world, I was thinking about removing default trusted certificate authorities root certificates that are from countries that are (no longer) ...
4 votes
2 answers
1k views
Why does ctldl.windowsupdate.com not use (valid) TLS?
I noticed DNS requests to the domain: ctldl.windowsupdate.com. Some report it as malicious but I think it is a false positive, and it is legitimately Microsoft. It is also mentioned in https://security....
4 votes
1 answer
327 views
How to generate a p12 with javascript generated key pair and server side internal CA
I'm working on a client-certificate based authentication of users for a website. The server configuration part is OK (Apache server, keywords: SSLCACertificateFile / SSLVerifyDepth / SSLVerifyClient ...
1 vote
1 answer
200 views
How to determine hashing algorithm of a public key in the certificate?
The certificate has the fields Signature algorithm and Signature hash algorithm, which determine what algorithm the certificate was signed with, and Public key, which determines what algorithm the ...
4 votes
2 answers
1k views
Static vs dynamic certificate pinning
This question’s answers do a pretty good job at explaining TLS certificate pinning, and this (external) article is the only source (I could find) that even briefly explains the differences between ...