All Questions
Tagged with tls certificate-authority
547
questions
1
vote
0
answers
41
views
TLS Server Certificate Validations 1.2 [duplicate]
I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could ...
0
votes
3
answers
125
views
Goal of CA is to allow clients ability to determine if TLS was tampered with while "in-transit"?
I believe my question will be a continuation of questions such as:
What's the point of the CA?
How does a digital certificate prove authenticity?
In short, I still don't have a firm grasp on why a ...
0
votes
0
answers
120
views
Openssl command to verify authenticity of CA Issuer? And the "magic" behind it? [duplicate]
I am not confident in my understanding of Certificate Authority and signing certificates. I'm wondering how do you verify the authenticity of an issuer when inspecting an entity certificate.
Here's ...
1
vote
2
answers
153
views
How is issuing a certificate revocation response different from re-issuing the certificate itself?
I am reading about how certificates work in the context of X.509, SSL/TLS/HTTPS. According to Wikipedia, the client (e.g. a browser) is supposed to check the revocation status for each non-root ...
0
votes
1
answer
536
views
Criteria for Common Name of Certificate Authority and how it affects SSL certificates
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a ...
1
vote
0
answers
70
views
Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?
I've been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I'll start by ...
0
votes
1
answer
265
views
Why openssl verify does not work for the certificate chain of a correctly configured site?
I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -...
1
vote
0
answers
300
views
SSL Certificates signed by our CA show as invalid in browser
We're experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.
The error is NET::ERR_CERT_INVALID (Tested in ...
0
votes
1
answer
143
views
What happens at a low level when authenticating server certificates?
Regarding the TLS 1.3 Handshake Protocol:
When the Server sends it's certificate, exactly how does the Client validate this?
I know at a high level the Client is verifying the data the Server sent ...
0
votes
0
answers
82
views
Can you sign a TLS root certificate that already exists? [duplicate]
Alice and Bob have TLS certificate authorities. My device trusts Alice's CA, and connects to servers that present a certificate rooted at Alice's CA. It does not explicitly trust Bob's CA, or the ...
0
votes
1
answer
173
views
Is setting up a CA server necessary when all I want is to test HTTPS for a web project on localhost?
This freeCodeCamp article recommends
setting up a CA server,
installing the CA root certificate file into the system's trust store, and
generating a leaf certificate for the project's web server.
...
0
votes
0
answers
34
views
How do certificate authorities choose which private/public keys to use to encrypt each SSL certificate so a browser can know that they're legit? [duplicate]
My understanding is that for each SSL certificate, there is a private and public key that web browsers use to confirm that it is a valid certificate signed by a trusted Certificate Authority.
How does ...
0
votes
1
answer
849
views
How do TLS clients validate intermediate CA certificates?
I have read many posts related to the intermediate CA certificates and I do hope my question is not a duplication.
Where do TLS clients fetch intermediate CA certificates from?
In SSL server handshake,...
24
votes
4
answers
6k
views
What's the point of certificates in SSL/TLS?
A valid certificate cannot guarantee that I'm not being MITM'd right now, as either the private key or CA may have been compromised. For this reason, I have to contact a CA through CRL/OCSP to check ...
0
votes
2
answers
238
views
What prevents certificate authorities from issuing fraudulent TLS certificates?
There have been reports of attacks against certificate authorities resulting in the issuance of fraudulent TLS certificates for sites such as google.com, yahoo.com, and skype.com. These attacks seem ...