Questions tagged [x509]
X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).
115
questions
2
votes
0
answers
28
views
Client certificates and custom revoked html
I can configure Apache to authenticate users with client certificate and validate them via OCSP. Do you know how can I redirect the user to a custom html page if the certificate is revoked? The ...
2
votes
1
answer
124
views
What happens if the startdate of a CA is later that the startdate of a X509 certificate signed by it?
I am in the process of extending the lifetime of a private CA creating a new certificate with the same name, serial number, private/public keys, etc. The only change would be the "startdate" ...
0
votes
0
answers
232
views
Kubernetes won't pick up new certificate, x509 certificate expired
kubectl version Client Version: v1.20.4 Server Version: v1.20.15
At the end of January we renewed our external certificates that we use for the applications on the system (as opposed to the kubeadm ...
6
votes
4
answers
3k
views
When does this SSL certificate expire?
Below are the results from testing the SSL certificate at https://www.ssllabs.com/ssltest/analyze.html?d=bungalowsoftware.com
It looks like we have two certificates. Am I reading that right?
Does ...
0
votes
0
answers
62
views
Establishing mutual authentication over SSH using SPIFFE
For this learning purpose I have created a k8s cluster using 4 azure VMs (VM1, VM2, VM3 & VM4).I have followed the spiffe doc to deploy spire-server and spire-agent on a k8s infra. I have kept all ...
0
votes
0
answers
72
views
Generating certificate with subjectUniqueID field
I would like to generate a certificate with the subjectUniqueID field as indicated in rfc5280( https://www.rfc-editor.org/rfc/rfc5280#section-4).I have tried this:
openssl req -config myConfigFile....
0
votes
0
answers
86
views
How to properly use MediaWiki with $wgDBadminuser?
I have to set up a fresh MediaWiki and am getting increasingly upset with config recommendations that don't seem to work well when configured as outlined in the official documentation.
Two servers. ...
1
vote
0
answers
883
views
Entra Id (AAD) certificate based authentication (CBA) client certificate validation failed ("invalid request") error
I'm trying to get CBA to work according to this article:
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication
I created a self-signed CA for testing ...
1
vote
1
answer
2k
views
keytool error: java.security.cert.CertificateParsingException: signed fields invalid
I have a X509 certificate pem file I got from Mongo Atlas. I'm trying to import it into the keystore like so:
keytool -importcert -file X509-cert.pem -alias myalias -keystore mykeystore.p12 -storetype ...
0
votes
1
answer
797
views
How can I add alternate subject names when creating a CSR using xca?
openSUSE and SLES dropped their old CA management, now recommending to use xca.
While it was easy to add alternate subject names like hostname aliases or IP addresses in the old CA management, I could ...
-1
votes
1
answer
767
views
How to verify signed file? [closed]
How to check a validity of a file using openssl and cms?
I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate.
is there any way to check validity of ...
0
votes
1
answer
2k
views
ADFS Client Certificate Authentication
I have ADFS on my environment and it's currently authenticating via active directory perfectly fine. I'm trying to enable certificate authentication so they can authenticate with their smart cards. ...
0
votes
2
answers
721
views
What are Groups in Kubernetes certificate signing requests?
In a Certificate signing request API object for a user, you have to specify a group.
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: myname
spec:
groups:
...
0
votes
2
answers
101
views
Cross-sign third party DV cert with our own CA for high trust
I am looking to expand trust within our application by setting up mutual TLS between the customer service and our service. I am trying to wrap my head around this stuff as I am kinda new to this tech ...
1
vote
0
answers
787
views
Kubernetes: using an intermediate CA which certificate is signed by a self-signed root CA certificate
Does anyone use own certificate chains for Kubernetes clusters?
There's an issue with such kind of setup, and I would be grateful for any ideas on how to solve it.
Let's assume we have a Root CA which ...