jchris + certificate 29
The Use of Counterfeit Code Signing Certificates Is on the Rise
7 weeks ago by jchris
In 2017, security researchers around the world started seeing a sudden increase in code signing certificates being used as a layered obfuscation technique for malicious payload distribution campaigns. Recorded Future’s Insikt Group investigated the criminal underground and identified vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates.
certificate
vulnerability
7 weeks ago by jchris
OCSP verification with OpenSSL
9 weeks ago by jchris
As an example, we will use it to perform OCSP validation for an SSL certificate presented by a secure website, namely https://shipit.ubuntu.com, which at the time of this writing is signed by GoDaddy. The certificate is a chained certificate, meaning that there are several levels of trust in the certificate chain, and thus several certificates sent from the server to the client. We can verify them all using OCSP in our test.
certificate
ca
openssl
9 weeks ago by jchris
ASN.1 key structures in DER and PEM - Knowledge Base - mbed TLS (Previously PolarSSL)
december 2017 by jchris
Everybody loves PEM and the very documented ASN.1 structures that are used in saving cryptographic keys and certificates in a portable format. Well.. Everybody would if they would actually be documented. But it is rather a big feat to find what the structure is inside each DER or PEM formatted file.
As we need this information, we will share it here as well, to help others in their quest for knowledge and understanding ;)
certificate
openssl
knowhow
pki
As we need this information, we will share it here as well, to help others in their quest for knowledge and understanding ;)
december 2017 by jchris
Praktische Tipps für die Arbeit mit OpenSSL - Export, Import, Transfer der Formate
december 2017 by jchris
SSL-Zertifikate sind für alle Plattformen bestimmt und von Zeit zu Zeit ist es erforderlich, das Zertifikat zwischen Servern zu übertragen oder mit ihm auf eine andere Weise zu arbeiten. Besitzer der GeoTrust- und RapidSSL-Zertifikate können ihr Zertifikat für mehrere Server verwenden, die Anleitung für den Transfer der Zertifikate kann für sie also sicherlich nützlich sein.
certificate
conversion
howto
openssl
pki
december 2017 by jchris
Howto: SSL User Authentifizierung im Apache / Artfiles GmbH Hamburg - Unternehmensblog
november 2017 by jchris
Die Infrastruktur auf dem Server bereitzustellen, um Webmastern zu erlauben, ihren Usern die Option einer Authentifizierung per SSL Zertifikat anzubieten, ist Thema dieses Howtos.
authentication
openssl
certificate
howto
ca
@goodie
november 2017 by jchris
OpenSSL verify a certificate chain (chain verification and validation) using the “verify” command | Gaurav Khanna's Blog
october 2017 by jchris
In addition to the verification of the chain through the “s_client” command demonstrated earlier in the series, one can also use the ” verify” command to the same. It is easier in the case when the certificate chain is not already installed on a web server (in that case we can use the verify option with the “s_client” command) or it is a chain for the client certificates.
certificate
openssl
verification
october 2017 by jchris
Client-Zertifikate als sicherer Login-Ersatz? | PHP Gangsta - Der PHP Blog mit Praxisbezug
september 2017 by jchris
openssl req -new > server.cert.csr openssl rsa -in privkey.pem -out server.cert.key openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365
certificate
encryption
https
sysadmin
webmaster
september 2017 by jchris
Tricks to do client certificate authentications behind a reverse proxy
september 2017 by jchris
The problem we are tackling in this article is about X509 client certificate authentications. By definition and for security, a HTTPS request clear content cannot be spied. This is why when putting a reverse proxy behind the client and the internal web application, the HTTPS stream will be broken and we will loose all the client certificate data. -==- Here is some tips to forward without many efforts the client certificate data to the web application:
apache
certificate
proxy
ssl
sysadmin
september 2017 by jchris
Debian -- Automatically configure HTTPS using Let's Encrypt
august 2017 by jchris
The objective of Certbot, Let's Encrypt, and the ACME (Automated Certificate Management Environment) protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.
debian
encryption
cert
certificate
august 2017 by jchris
HowtoForge Linux Tutorials » Howto selbstsigniertes SSL Zertifikat erstellen
march 2014 by jchris
Wer kennt es nicht, man möchte gerne seinen Mailserver oder Webserver absichern mit SSL, weiss aber nicht wie er die SSL Zertifikate erstellen soll. Durch das benutzen von SSL wird die Kommunikation zwischen Client und Server verschlüsselt. Dadurch werden alle Daten, wie zum Beispiel Passwörter, Email Inhalte verschlüsselt übertragen. Der Vorteil von selbst signierten Zertifikaten gegenüber gekauften ist ganz einfach, sie kosten NICHTS! Um dies zu bewerkstelligen, benötigt man Openssl und in unserem Fall eine Linux Machine. In diesem Howto wird ein Debian Lenny 64Bit benutzt.
apache
pki
certificate
howto
march 2014 by jchris
Extended Validation SSL Certificates -- The Certification Authority/Browser Forum
january 2012 by jchris
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary organization of leading certification authorities (CAs) and vendors of Internet browser software and other applications. -=- Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for the Extended Validation (EV) SSL Certificate standard as a way of providing a heightened security for Internet transactions and creating a more intuitive method of displaying secure sites to Internet users.
certificate
pki
organization
CA
webmaster
january 2012 by jchris
Adobe - Approved Trust List (AATL) program
december 2011 by jchris
The Adobe Approved Trust List is a program that allows millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Adobe® Acrobat® 9 or Reader® 9 software and later. Essentially, both Acrobat and Reader have been programmed to reach out to a web page to periodically download a list of trusted "root" digital certificates.
adobe
certificate
trust
december 2011 by jchris
Angriff auf israelischen Zertifikatsherausgeber | heise Security
june 2011 by jchris
Aus Sicherheitsgründen hat die israelische Certificate Authority (CA) StartSSL sämtliche Dienste zum Ausstellen von Zertifikaten vorerst abgeschaltet. Offenbar haben Angreifer versucht, die Sicherheitssysteme zu überwinden und in die Server einzudringen.
security
ssl
webmaster
certificate
june 2011 by jchris
OpenCA Guide for Versions 0.9.2+
november 2010 by jchris
Public Key Infrastructures (PKIs) are one of the most widely accepted musts of the future. The problem is that most applications can be secured with certificates and keys but it is really difficult and expensive to setup PKIs, the reason being that flexible trustcenter software (especially for Unix) is expensive. This was the starting point of OpenCA. Our goal is production of an open source trustcenter system to support the community with a good, inexpensive and future-proof solution for their base infrastructure.
certificate
OpenCA
pki
november 2010 by jchris
Client Authentifizierung mit Apache
november 2010 by jchris
Apache ist der weltweit am häufigsten eingesetzte Web-Server, was Untersuchungen von Netcraft stets aufs neuste belegen. Ein Apache-Server stellt anfragenden Clients verschiedene Daten zur Verfügung, auf die auf unterschiedliche Art zugegriffen werden kann. Teilweise ist es wünschenswert, dass die Daten nur von dazu autorisierten Clients abgerufen werden können. Apache bietet hierzu zwei verschiedene Lösungsansätze, auf die im weiteren Verlauf näher eingegangen wird.
apache
authentication
certificate
howto
november 2010 by jchris
Guide to Webserver SSL Certificates @ Calomel.org - Open Source Research and Reference
august 2010 by jchris
The purpose of this guide is to clearly explain the reasons you may want to use a Secure Socket Layer (SSL) certificate on your webserver. While researching SSL certificates for use on our site we were constantly bombarded by useless marketing nonsense. What we really needed was a single page with clear and concise facts. This guide is here to provide an understanding of the basics involved in deciding what type, encryption strength and seller of SSL certificates you have access to. At the end of the page are some security recommendations and known vulnerabilities of SSL implementations.
@goodie
certificate
server
ssl
sysadmin
x.509
august 2010 by jchris
Microsoft Root Certificate Program Requirements
april 2007 by jchris
To better protect Microsoft customers from security issues related to
the use of public key infrastructure (PKI) certificates and enhance the
experience for Windows users, Microsoft is moving to standardize and
clarify the criteria for root certification
CA
certificate
howto
microsoft
policy
security
webtrust
standard
the use of public key infrastructure (PKI) certificates and enhance the
experience for Windows users, Microsoft is moving to standardize and
clarify the criteria for root certification
april 2007 by jchris
Computer und Internet » Woher bekommt man Zertifikate?
april 2007 by jchris
Um Zertifikate zu bekommen, stehen Ihnen drei Wege offen: -=- 1. Betreiben Sie Ihre eigene CA -=- 2. Bezahlen Sie für den Dienst einer kommerziellen CA CA -=- 3. Treten Sie einem freien Programm bei
CA
certificate
howto
pki
ssl
april 2007 by jchris
heise online - Forscher stellen Exploit für SSL-Schwachstelle vor
january 2007 by jchris
Informatiker der TU Darmstadt haben nach eigenen Angaben einen Exploit für eine kürzlich entdeckte Schwachstelle in SSL-Implementierungen entwickelt, die seit Ende August bekannt ist. Damit sei es möglich, "in weniger als 10 Minuten" ein gefälschtes S
certificate
phishing
security
ssl
openssl
opera
thunderbird
heise
newsticker
january 2007 by jchris
OpenSSL Command-Line HOWTO
december 2006 by jchris
The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This HOWTO provides some cookbook-style recipes for using it.
authentication
certificate
cryptography
documentation
howto
openssl
pkcs12
reference
security
ssl
sysadmin
december 2006 by jchris
HOWTO: Creating your own CA with OpenSSL
november 2006 by jchris
This is a HOWTO on creating your own certification authority (CA) with OpenSSL.
apache
certificate
howto
openssl
ssl
november 2006 by jchris
Welcome to CAcert.org
february 2006 by jchris
Free server certificates. Goals: Inclusion into mainstream browsers and providing a trust mechanism to go with the security aspects of encryption.
authentication
certificate
openssl
organization
pki
security
trust
x.509
february 2006 by jchris
related tags
2fhg ⊕ @goodie ⊕ adobe ⊕ apache ⊕ authentication ⊕ blog ⊕ bruce-schneier ⊕ ca ⊕ cert ⊕ certificate ⊖ conversion ⊕ cryptography ⊕ debian ⊕ documentation ⊕ encryption ⊕ fhg ⊕ hacking ⊕ heise ⊕ howto ⊕ https ⊕ knowhow ⊕ letsencrypt ⊕ MD5 ⊕ microsoft ⊕ mua ⊕ newsticker ⊕ OpenCA ⊕ openssl ⊕ opera ⊕ organization ⊕ osx ⊕ phishing ⊕ pkcs12 ⊕ pki ⊕ policy ⊕ privacy ⊕ proxy ⊕ reference ⊕ security ⊕ server ⊕ SHA1 ⊕ smime ⊕ ssl ⊕ standard ⊕ sysadmin ⊕ thawte ⊕ thunderbird ⊕ trust ⊕ verification ⊕ vulnerability ⊕ webmaster ⊕ webtrust ⊕ x.509 ⊕Copy this bookmark: