Questions tagged [certificates]
A piece of data used in public key cryptography (specifically public key infrastructures) that contains identifying information (i.e. email address or web address), a hash of a public key, and a digital signature that authenticates the data in the certificate. For questions specifically about [x509], [certificate-authority], or [public-key-infrastructure], please use those tags.
2,910 questions
0 votes, 0 answers, 34 views
What's the role of the private key generated by dotnet dev-certs?
If one uses ASP.NET Core for web development, there's a dotnet dev-certs https -c -t command that can generate a certificate and store it in the OS certificate store so that https connections can be ...
1 vote, 0 answers, 49 views
Eduroam certificate - is it safe? [duplicate]
I am trying to use wifi at the university and the only option is to use eduroam. When connecting to eduroam it requires trusting a certificate first. I wonder, how safe is trusting this certificate ...
2 votes, 2 answers, 253 views
how should one interpret a cert whose Issuer is different from the DirName of the X509v3 Authority Key Identifier extension?
Consider this cert:
-----BEGIN CERTIFICATE-----
MIIBPTCB5aADAgECAhRsj+Y2sjp/9e7RVvV46i7EEvF2RjAKBggqhkjOPQQDAjAO
MQwwCgYDVQQKDANBQUEwHhcNMjUwODIyMjIwMzExWhcNMjYwODIyMjIwMzExWjAO
...
3 votes, 1 answer, 442 views
What EXACTLY makes an X.509 certificate "end entity"?
Suppose you were writing a certificate display or formatting program and wanted to be able to say "this certificate is [or is not] usable as an end-entity certificate"? What exactly would ...
7 votes, 2 answers, 2k views
how to define when a key (or a secret in general) has become too old?
I will illustrate my question by looking at SSL certificates:
In general, we can expect an SSL/TLS certificate to be using, at least, a 2048-bit RSA key. Now, as long as quantum computers are not a ...
1 vote, 1 answer, 80 views
Can root or intermediate CA authority sign the same CMS data as the subject?
Imagine a situation, which is unlikely to happen, but still, some subject signs a CMS data, and then subject's issuer (intermediate or root CA) also signs the same CMS data, so that SignerInfo now ...
0 votes, 0 answers, 20 views
how to make it so a PFX private key can be exported in Windows certmgr [duplicate]
I created a PFX with an X.509 and a private key with OpenSSL. I did not use a password. I then imported the result into Windows and am now trying to export it from Windows but when I do so it's not ...
8 votes, 2 answers, 2k views
Long-validity SSL certificates -- for non-browser X.509 client certificate authentication
BACKGROUND
In April, the CA/Browser Forum voted to progressively reduce SSL/TLS certificate validity periods according to this schedule:
Current: Maximum 398 days
March 15, 2026: Maximum 200 days (~6-...
5 votes, 1 answer, 2k views
Using my own CA for home VPN -- too much or not enough?
I recently set up a "homelab," so to speak, with several machines that have personal data and applications that I'd like to be able to use on the go. I set up a KeepassXC database secured ...
2 votes, 0 answers, 685 views
iVentoy installing unsafe Windows Kernel drivers: Why is this happening? [closed]
iVentoy https://github.com/ventoy/PXE/releases
iventoy-1.0.20-linux-free.tar.gz, iventoy-1.0.20-win32-free.zip, iventoy-1.0.20-win64-free.zip
All these distribution files contain "\data\iventoy....
6 votes, 3 answers, 1k views
What DOESN'T change when signing Certificate is renewed?
We are currently using the certificate thumbprint to locate the certificate in order to create a JWT to validate a service call.
We're looking for a property of the certificate that will stay the same ...
2 votes, 2 answers, 809 views
Extract CRT and KEY from signed PEM file without the openssl tool
Is there any way to extract a private key from a PEM file without the openssl tool on Windows?
Windows MMC won't do the trick as I cannot export to PKCS#12 due to my work laptop security restrictions ...
3 votes, 2 answers, 981 views
Hiding information in the SAN field of a certificate
I was doing a Nmap scan on the public network of the company that I work for. Using the script "-sC" I noticed that the scan showed the certificate, and in particular the SAN section. In ...
3 votes, 1 answer, 1k views
Can a public certificate provider impersonate an AD?
I do not know much about how MS Windows interprets client certificates but I was faced with a statement I have a hard time integrating.
The context: organization EXAMPLE has an Active Directory and an ...
0 votes, 1 answer, 137 views
How is RabbitMQ's certificate authentication secure if it uses PKI?
According to the RabbitMQ documentation, any certificate issued by a CA that is in RabbitMQ's certification bundle will be trusted. Therefore, how can this type of authentication be secure if a CA — e....