Skip to main content
Server Fault

Questions tagged [x509]

Ask Question

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

115 questions
Newest Active Bountied Unanswered
2 votes
0 answers
28 views

Client certificates and custom revoked html

I can configure Apache to authenticate users with client certificate and validate them via OCSP. Do you know how can I redirect the user to a custom html page if the certificate is revoked? The ...
Tibor's user avatar
Tibor
  • 121
2 votes
1 answer
124 views

What happens if the startdate of a CA is later that the startdate of a X509 certificate signed by it?

I am in the process of extending the lifetime of a private CA creating a new certificate with the same name, serial number, private/public keys, etc. The only change would be the "startdate" ...
jcea's user avatar
jcea
  • 273
0 votes
0 answers
232 views

Kubernetes won't pick up new certificate, x509 certificate expired

kubectl version Client Version: v1.20.4 Server Version: v1.20.15 At the end of January we renewed our external certificates that we use for the applications on the system (as opposed to the kubeadm ...
Stuckinthemud's user avatar
Stuckinthemud
  • 1
6 votes
4 answers
3k views

When does this SSL certificate expire?

Below are the results from testing the SSL certificate at https://www.ssllabs.com/ssltest/analyze.html?d=bungalowsoftware.com It looks like we have two certificates. Am I reading that right? Does ...
Clay Nichols's user avatar
Clay Nichols
  • 1,523
0 votes
0 answers
62 views

Establishing mutual authentication over SSH using SPIFFE

For this learning purpose I have created a k8s cluster using 4 azure VMs (VM1, VM2, VM3 & VM4).I have followed the spiffe doc to deploy spire-server and spire-agent on a k8s infra. I have kept all ...
Yuvraj Singh's user avatar
Yuvraj Singh
  • 1
0 votes
0 answers
72 views

Generating certificate with subjectUniqueID field

I would like to generate a certificate with the subjectUniqueID field as indicated in rfc5280( https://www.rfc-editor.org/rfc/rfc5280#section-4).I have tried this: openssl req -config myConfigFile....
alvy's user avatar
alvy
  • 1
0 votes
0 answers
86 views

How to properly use MediaWiki with $wgDBadminuser?

I have to set up a fresh MediaWiki and am getting increasingly upset with config recommendations that don't seem to work well when configured as outlined in the official documentation. Two servers. ...
Marian's user avatar
Marian
  • 101
1 vote
0 answers
883 views

Entra Id (AAD) certificate based authentication (CBA) client certificate validation failed ("invalid request") error

I'm trying to get CBA to work according to this article: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication I created a self-signed CA for testing ...
The F's user avatar
The F
  • 11
1 vote
1 answer
2k views

keytool error: java.security.cert.CertificateParsingException: signed fields invalid

I have a X509 certificate pem file I got from Mongo Atlas. I'm trying to import it into the keystore like so: keytool -importcert -file X509-cert.pem -alias myalias -keystore mykeystore.p12 -storetype ...
ritratt's user avatar
ritratt
  • 139
0 votes
1 answer
797 views

How can I add alternate subject names when creating a CSR using xca?

openSUSE and SLES dropped their old CA management, now recommending to use xca. While it was easy to add alternate subject names like hostname aliases or IP addresses in the old CA management, I could ...
U. Windl's user avatar
U. Windl
  • 391
-1 votes
1 answer
767 views

How to verify signed file? [closed]

How to check a validity of a file using openssl and cms? I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate. is there any way to check validity of ...
Nav Boom's user avatar
Nav Boom
  • 3
0 votes
1 answer
2k views

ADFS Client Certificate Authentication

I have ADFS on my environment and it's currently authenticating via active directory perfectly fine. I'm trying to enable certificate authentication so they can authenticate with their smart cards. ...
Mlsracer's user avatar
Mlsracer
  • 1
0 votes
2 answers
721 views

What are Groups in Kubernetes certificate signing requests?

In a Certificate signing request API object for a user, you have to specify a group. apiVersion: certificates.k8s.io/v1 kind: CertificateSigningRequest metadata: name: myname spec: groups: ...
Tanchwa's user avatar
Tanchwa
  • 1
0 votes
2 answers
101 views

Cross-sign third party DV cert with our own CA for high trust

I am looking to expand trust within our application by setting up mutual TLS between the customer service and our service. I am trying to wrap my head around this stuff as I am kinda new to this tech ...
Decrypter's user avatar
Decrypter
  • 111
1 vote
0 answers
787 views

Kubernetes: using an intermediate CA which certificate is signed by a self-signed root CA certificate

Does anyone use own certificate chains for Kubernetes clusters? There's an issue with such kind of setup, and I would be grateful for any ideas on how to solve it. Let's assume we have a Root CA which ...
Volodymyr Melnyk's user avatar
Volodymyr Melnyk
  • 617

15 30 50 per page
1
2 3 4 5
8