Questions tagged [certificate-authority]
A Certificate Authority is the collection of hardware, software, and people responsible for issuing certificates in a hierarchical PKI. CAs may be public, as in SSL / TLS and government IDs, or private, as in corporate infrastructures. The primary responsibility of a public CA is to verify the identity of an applicant before issuing them a certificate.
1,295
questions
1
vote
0
answers
42
views
TLS Server Certificate Validations 1.2 [duplicate]
I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could ...
0
votes
1
answer
64
views
Root CA blocked by OS - would apps programmed to trust the root CA be affected?
The situation:
Custom Root CA is created by some country.
Not trusted by major browsers but trusted by some local ones. Also used by some local sites which direct users to install this root CA.
some ...
1
vote
1
answer
126
views
Why does AWS strongly recommend a non-self-signed, code-signing certificate?
I am developing a hardware device that utilizes AWS IoT OTA via FreeRTOS. On this AWS web page, it says
We recommend that you purchase a code-signing certificate from a
company with a good ...
0
votes
3
answers
125
views
Goal of CA is to allow clients ability to determine if TLS was tampered with while "in-transit"?
I believe my question will be a continuation of questions such as:
What's the point of the CA?
How does a digital certificate prove authenticity?
In short, I still don't have a firm grasp on why a ...
0
votes
0
answers
78
views
Making CA certificates with `-subj` vs. `openssl-ca.cnf`?
I read through the answers from this question here:
https://stackoverflow.com/questions/21297139/how-do-you-sign-a-certificate-signing-request-with-your-certification-authority
But my comprehension on ...
0
votes
0
answers
120
views
Openssl command to verify authenticity of CA Issuer? And the "magic" behind it? [duplicate]
I am not confident in my understanding of Certificate Authority and signing certificates. I'm wondering how do you verify the authenticity of an issuer when inspecting an entity certificate.
Here's ...
1
vote
2
answers
153
views
How is issuing a certificate revocation response different from re-issuing the certificate itself?
I am reading about how certificates work in the context of X.509, SSL/TLS/HTTPS. According to Wikipedia, the client (e.g. a browser) is supposed to check the revocation status for each non-root ...
0
votes
1
answer
536
views
Criteria for Common Name of Certificate Authority and how it affects SSL certificates
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a ...
1
vote
0
answers
70
views
Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?
I've been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I'll start by ...
0
votes
1
answer
265
views
Why openssl verify does not work for the certificate chain of a correctly configured site?
I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -...
1
vote
0
answers
300
views
SSL Certificates signed by our CA show as invalid in browser
We're experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.
The error is NET::ERR_CERT_INVALID (Tested in ...
2
votes
0
answers
64
views
Requesting an user-specific certificate in a tiered domain
Environment:
A multi-tiered Active Directory (AD) where tier-specific admin accounts are restricted to log on to only their tier servers.
Microsoft's Certificate Services (CS).
Let's say the CA tier ...
1
vote
0
answers
83
views
Support for domain-specific root CAs in X.509 certificate format, OS and browsers
Chance is one gets an invalid certificate warning when one follows this link https://www.cnss.gov. As explained there (same warning) this is on purpose, and the solution is supposed to be to install1 ...
2
votes
1
answer
117
views
How to feasibly digital sign high volume documents with CA issued digital certificate?
My organisation, say Acme, is building an e-signature platform where global businesses sign up and use the platform to send out e-signature requests. And when signers in a particular e-sign request ...
0
votes
2
answers
223
views
Is there a tool for auditing my root certificates?
Is there any tool out there that will monitor my system's use of root CAs? So far I have not found anything, and so I am hoping that this community will know if such a tool exists.
For background, I ...