All Questions

1 vote
0 answers
41 views

TLS Server Certificate Validations 1.2 [duplicate]

I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could ...
Данил Зигрей
5 votes
2 answers
1k views

How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?

I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have. Because of my constant changes, I opted for a wildcard SSL certificate through my DNS ...
OutwardThinking
0 votes
1 answer
74 views

Export Burp certificate to Wireshark for inspection

I am trying to figure out if I can take the Burp Suite certificate and export it to Wireshark to be able to inspect the traffic going through it. My main goal here is to test a website I own to see ...
Don Schulz
1 vote
0 answers
62 views

ECDSA certificates not impacted by Let’s Encrypt certificate chain change?

We received an email from Cloudflare about the upcoming Let’s Encrypt certificate chain change. At some point, it states that "Additionally, this change only impacts RSA certificates. It does not ...
Vic Seedoubleyew
3 votes
1 answer
433 views

Multiple certificate chains on a single server for TLS

Is it possible for a single server to use two different certificate chains for TLS? For instance, rootCA1, intermediateCert1, serverCert1, rootCA2, intermediateCert2, serverCert2. If this is possible, ...
Devz
0 votes
1 answer
154 views

How to verify hostname of certificate? and Is it mandatory if client knows the certificate?

I have a reported finding saying that hostname verification is disabled. This can be deduced from this line of code: final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create(); ...
anonymous
0 votes
0 answers
54 views

What is the security impact of disabling certificate check [duplicate]

I have this line of code in a client server project: sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null); A security guy pointed out that this is skipping the validation of the ...
anonymous
0 votes
1 answer
96 views

How can Amazon add its own headers when I make HTTPS requests to a web application?

I was playing with httpbin.org to test a client and discovered that some sites will get a header I did not set (X-Amzn-Trace-Id). If I do a curl https://httpbin.org/headers (which will respond with ...
simondvt
0 votes
2 answers
258 views

What is the impact of disabled TLS hostname verification?

If I have a Java client that connects to a server, but in the Java client code where the connection is built, it skips hostname verification. When a client tries to connect to serverA.com, ...
anonymous
0 votes
0 answers
82 views

Checking Against the CN of Every Certificate in the Certificate Chain

Is it possible to check against the CN (Common Name) or SAN (Subject Alternative Names) of each and every certificate in the certificate chain for a match? I have 2 docker containers hosted on my VM, ...
Dhiwakar Ravikumar
0 votes
2 answers
143 views

Automatically check if a certificate matches specific ciphers

My nginx backend server supports the following ciphers: ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:...
Shahar G
0 votes
0 answers
100 views

Connecting Logstash To Elasticsearch via SSL (Docker Container)

My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network. I am trying to set up SSL between the 2 of them (this ...
Dhiwakar Ravikumar
0 votes
0 answers
64 views

Will this certificate pinning plan work as expected?

I have a mobile app deployed to millions of users in both Android and iOS. My Security dept. rotates our certs once a year. Our certs are issued by GlobalSign. I would like to pin the certificate ...
Leonardo
1 vote
0 answers
70 views

Other benefits of creating my certificate authority aside from the Firefox issue and centralized management of certificates?

I've been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this. I'll start by ...
learningtech
0 votes
1 answer
116 views

Does EAP TLS benefit from “Verify the server’s identity by validating the certificate” setting

For PEAP it's important to enable the "Verify the server’s identity by validating the certificate" setting in a Windows WiFi profile. Is there any benefit enabling this for EAP TLS? If I ...
JPX
