Questions tagged [certificate-authority]
A Certificate Authority is the collection of hardware, software, and people responsible for issuing certificates in a hierarchical PKI. CAs may be public, as in SSL / TLS and government IDs, or private, as in corporate infrastructures. The primary responsibility of a public CA is to verify the identity of an applicant before issuing them a certificate.
1,315 questions
1
vote
0
answers
49
views
Eduroam certificate - is it safe? [duplicate]
I am trying to use wifi at the university and the only option is to use eduroam. When connecting to eduroam it requires trusting a certificate first. I wonder, how safe is trusting this certificate ...
2
votes
2
answers
253
views
how should one interpret a cert whose Issuer is different from the DirName of the X509v3 Authority Key Identifier extension?
Consider this cert:
-----BEGIN CERTIFICATE-----
MIIBPTCB5aADAgECAhRsj+Y2sjp/9e7RVvV46i7EEvF2RjAKBggqhkjOPQQDAjAO
MQwwCgYDVQQKDANBQUEwHhcNMjUwODIyMjIwMzExWhcNMjYwODIyMjIwMzExWjAO
...
1
vote
1
answer
80
views
Can root or intermediate CA authority sign the same CMS data as the subject?
Imagine a situation, which is unlikely to happen, but still, some subject signs a CMS data, and then subject's issuer (intermediate or root CA) also signs the same CMS data, so that SignerInfo now ...
5
votes
1
answer
2k
views
Something added TLS certificate exceptions to my Firefox profile
I happened to come across my Firefox's settings of Certificate Manager, and went to its Exceptions page:
When I checked it, there were two entries. I don't quite remember the names, but one had a ...
8
votes
2
answers
2k
views
Long-validity SSL certificates -- for non-browser X.509 client certificate authentication
BACKGROUND
In April, the CA/Browser Forum voted to progressively reduce SSL/TLS certificate validity periods according to this schedule:
Current: Maximum 398 days
March 15, 2026: Maximum 200 days (~6-...
2
votes
2
answers
804
views
Security of certificates issued by an internal CA
For local development of our website example.com, we want to set up a test environment with https enabled hence we need some form of SSL certificates.
Are self-issued certificates the way to go? Options ...
0
votes
1
answer
137
views
How is RabbitMQ's certificate authentication secure if it uses PKI?
According to the RabbitMQ documentation, any certificate issued by a CA that is in RabbitMQ's certification bundle will be trusted. Therefore, how can this type of authentication be secure if a CA — e....
0
votes
0
answers
114
views
How to apply code signing
I have a client-server on prem application.
If I want to provide code signing, what are the files that should be signed (exe or jar or cmd or ...) ?
Also should both files on server and on client be ...
4
votes
1
answer
1k
views
Intercepting HTTPS traffic with a trusted root cert and packet capture from the WiFi AP
I have an application in Android (version 6, so quite old) whose communication I want to monitor. I have installed my own root certificate in the user store and Android warns me correctly that data ...
2
votes
0
answers
201
views
Lists of blocked certificates on various platforms
This webpage by Apple appears to list the certificates that their products automatically treat as untrusted by default. Are there similar resources for other platforms and/or browsers?
On this site, ...
15
votes
3
answers
4k
views
Should expired (root) certificates be deleted from the certificate store?
I noticed that on Windows systems many expired certificates are listed in the certificate store certmgr. Should they be deleted when expired and if so why or why not?
If they should be deleted why isn'...
5
votes
2
answers
971
views
When to use a CRL distribution point in a root certificate?
I understand that each certificate can have a CRL distribution point (extension 2.5.29.31) – or even multiple ones, but let's not consider that for the moment. Let's assume we have a root CA > ...
1
vote
0
answers
135
views
Simple certified time format
I have an application where a device needs a signed message "UTC date&time at time of signature", signed by an authority that it trusts. This is simpler than an RFC 3161 timestamp, which ...
1
vote
0
answers
55
views
Where can I get a list of trusted certificate authorities? [duplicate]
Background
(Disclaimer: I know very little on this whole topic)
Let's Encrypt has recently dropped some Certificate Authorities (the TLSv1.0?), which is an issue for Android 4 devices, since now they ...
12
votes
3
answers
2k
views
Is it common practice to remove trusted certificate authorities (CA) located in untrusted countries?
With all currently ongoing global conflicts in the world, I was thinking about removing default trusted certificate authorities root certificates that are from countries that are (no longer) ...