jchris + certificate   29

The Use of Counterfeit Code Signing Certificates Is on the Rise
In 2017, security researchers around the world started seeing a sudden increase in code signing certificates being used as a layered obfuscation technique for malicious payload distribution campaigns. Recorded Future’s Insikt Group investigated the criminal underground and identified vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates.
certificate  vulnerability 
7 weeks ago by jchris
OCSP verification with OpenSSL
As an example, we will use it to perform OCSP validation for an SSL certificate presented by a secure website, namely https://shipit.ubuntu.com, which at the time of this writing is signed by GoDaddy. The certificate is a chained certificate, meaning that there are several levels of trust in the certificate chain, and thus several certificates sent from the server to the client. We can verify them all using OCSP in our test.
certificate  ca  openssl 
9 weeks ago by jchris
ASN.1 key structures in DER and PEM - Knowledge Base - mbed TLS (Previously PolarSSL)
Everybody loves PEM and the very documented ASN.1 structures that are used in saving cryptographic keys and certificates in a portable format. Well.. Everybody would if they would actually be documented. But it is rather a big feat to find what the structure is inside each DER or PEM formatted file.

As we need this information, we will share it here as well, to help others in their quest for knowledge and understanding ;)
certificate  openssl  knowhow  pki 
december 2017 by jchris
Praktische Tipps für die Arbeit mit OpenSSL - Export, Import, Transfer der Formate
SSL-Zertifikate sind für alle Plattformen bestimmt und von Zeit zu Zeit ist es erforderlich, das Zertifikat zwischen Servern zu übertragen oder mit ihm auf eine andere Weise zu arbeiten. Besitzer der GeoTrust- und RapidSSL-Zertifikate können ihr Zertifikat für mehrere Server verwenden, die Anleitung für den Transfer der Zertifikate kann für sie also sicherlich nützlich sein.
certificate  conversion  howto  openssl  pki 
december 2017 by jchris
Howto: SSL User Authentifizierung im Apache / Artfiles GmbH Hamburg - Unternehmensblog
Die Infrastruktur auf dem Server bereitzustellen, um Webmastern zu erlauben, ihren Usern die Option einer Authentifizierung per SSL Zertifikat anzubieten, ist Thema dieses Howtos.
authentication  openssl  certificate  howto  ca  @goodie 
november 2017 by jchris
OpenSSL verify a certificate chain (chain verification and validation) using the “verify” command | Gaurav Khanna's Blog
In addition to the verification of the chain through the “s_client” command demonstrated earlier in the series, one can also use the ” verify” command to the same. It is easier in the case when the certificate chain is not already installed on a web server (in that case we can use the verify option with the “s_client” command) or it is a chain for the client certificates.
certificate  openssl  verification 
october 2017 by jchris
Client-Zertifikate als sicherer Login-Ersatz? | PHP Gangsta - Der PHP Blog mit Praxisbezug
openssl req -new > server.cert.csr openssl rsa -in privkey.pem -out server.cert.key openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365
certificate  encryption  https  sysadmin  webmaster 
september 2017 by jchris
Tricks to do client certificate authentications behind a reverse proxy
The problem we are tackling in this article is about X509 client certificate authentications. By definition and for security, a HTTPS request clear content cannot be spied. This is why when putting a reverse proxy behind the client and the internal web application, the HTTPS stream will be broken and we will loose all the client certificate data. -==- Here is some tips to forward without many efforts the client certificate data to the web application:
apache  certificate  proxy  ssl  sysadmin 
september 2017 by jchris
Debian -- Automatically configure HTTPS using Let's Encrypt
The objective of Certbot, Let's Encrypt, and the ACME (Automated Certificate Management Environment) protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.
debian  encryption  cert  certificate 
august 2017 by jchris
HowtoForge Linux Tutorials » Howto selbstsigniertes SSL Zertifikat erstellen
Wer kennt es nicht, man möchte gerne seinen Mailserver oder Webserver absichern mit SSL, weiss aber nicht wie er die SSL Zertifikate erstellen soll. Durch das benutzen von SSL wird die Kommunikation zwischen Client und Server verschlüsselt. Dadurch werden alle Daten, wie zum Beispiel Passwörter, Email Inhalte verschlüsselt übertragen. Der Vorteil von selbst signierten Zertifikaten gegenüber gekauften ist ganz einfach, sie kosten NICHTS! Um dies zu bewerkstelligen, benötigt man Openssl und in unserem Fall eine Linux Machine. In diesem Howto wird ein Debian Lenny 64Bit benutzt.
apache  pki  certificate  howto 
march 2014 by jchris
Extended Validation SSL Certificates -- The Certification Authority/Browser Forum
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary organization of leading certification authorities (CAs) and vendors of Internet browser software and other applications. -=- Members of the CA/Browser Forum have worked closely together in defining the guidelines and means of implementation for the Extended Validation (EV) SSL Certificate standard as a way of providing a heightened security for Internet transactions and creating a more intuitive method of displaying secure sites to Internet users.
certificate  pki  organization  CA  webmaster 
january 2012 by jchris
Adobe - Approved Trust List (AATL) program
The Adobe Approved Trust List is a program that allows millions of users around the world to create digital signatures that are trusted whenever the signed document is opened in Adobe® Acrobat® 9 or Reader® 9 software and later. Essentially, both Acrobat and Reader have been programmed to reach out to a web page to periodically download a list of trusted "root" digital certificates.
adobe  certificate  trust 
december 2011 by jchris
Angriff auf israelischen Zertifikatsherausgeber | heise Security
Aus Sicherheitsgründen hat die israelische Certificate Authority (CA) StartSSL sämtliche Dienste zum Ausstellen von Zertifikaten vorerst abgeschaltet. Offenbar haben Angreifer versucht, die Sicherheitssysteme zu überwinden und in die Server einzudringen.
security  ssl  webmaster  certificate 
june 2011 by jchris
OpenCA Guide for Versions 0.9.2+
Public Key Infrastructures (PKIs) are one of the most widely accepted musts of the future. The problem is that most applications can be secured with certificates and keys but it is really difficult and expensive to setup PKIs, the reason being that flexible trustcenter software (especially for Unix) is expensive. This was the starting point of OpenCA. Our goal is production of an open source trustcenter system to support the community with a good, inexpensive and future-proof solution for their base infrastructure.
certificate  OpenCA  pki 
november 2010 by jchris
Client Authentifizierung mit Apache
Apache ist der weltweit am häufigsten eingesetzte Web-Server, was Untersuchungen von Netcraft stets aufs neuste belegen. Ein Apache-Server stellt anfragenden Clients verschiedene Daten zur Verfügung, auf die auf unterschiedliche Art zugegriffen werden kann. Teilweise ist es wünschenswert, dass die Daten nur von dazu autorisierten Clients abgerufen werden können. Apache bietet hierzu zwei verschiedene Lösungsansätze, auf die im weiteren Verlauf näher eingegangen wird.
apache  authentication  certificate  howto 
november 2010 by jchris
Guide to Webserver SSL Certificates @ Calomel.org - Open Source Research and Reference
The purpose of this guide is to clearly explain the reasons you may want to use a Secure Socket Layer (SSL) certificate on your webserver. While researching SSL certificates for use on our site we were constantly bombarded by useless marketing nonsense. What we really needed was a single page with clear and concise facts. This guide is here to provide an understanding of the basics involved in deciding what type, encryption strength and seller of SSL certificates you have access to. At the end of the page are some security recommendations and known vulnerabilities of SSL implementations.
@goodie  certificate  server  ssl  sysadmin  x.509 
august 2010 by jchris
mac.sigma.de : Articles - Sicher Mailen mit S/MIME
Seit OS X 10.3 (Panther) beinhaltet Apple Mail eine Unterstützung zum Signieren und Verschlüsseln mit X.509-Zertifikaten und dem Transportformat S/MIME.
smime  mua  privacy  security  certificate  thawte  osx  howto 
july 2007 by jchris
Microsoft Root Certificate Program Requirements
To better protect Microsoft customers from security issues related to
the use of public key infrastructure (PKI) certificates and enhance the
experience for Windows users, Microsoft is moving to standardize and
clarify the criteria for root certification
CA  certificate  howto  microsoft  policy  security  webtrust  standard 
april 2007 by jchris
Computer und Internet » Woher bekommt man Zertifikate?
Um Zertifikate zu bekommen, stehen Ihnen drei Wege offen: -=- 1. Betreiben Sie Ihre eigene CA -=- 2. Bezahlen Sie für den Dienst einer kommerziellen CA CA -=- 3. Treten Sie einem freien Programm bei
CA  certificate  howto  pki  ssl 
april 2007 by jchris
heise online - Forscher stellen Exploit für SSL-Schwachstelle vor
Informatiker der TU Darmstadt haben nach eigenen Angaben einen Exploit für eine kürzlich entdeckte Schwachstelle in SSL-Implementierungen entwickelt, die seit Ende August bekannt ist. Damit sei es möglich, "in weniger als 10 Minuten" ein gefälschtes S
certificate  phishing  security  ssl  openssl  opera  thunderbird  heise  newsticker 
january 2007 by jchris
OpenSSL Command-Line HOWTO
The openssl application that ships with the OpenSSL libraries can perform a wide range of crypto operations. This HOWTO provides some cookbook-style recipes for using it.
authentication  certificate  cryptography  documentation  howto  openssl  pkcs12  reference  security  ssl  sysadmin 
december 2006 by jchris
HOWTO: Creating your own CA with OpenSSL
This is a HOWTO on creating your own certification authority (CA) with OpenSSL.
apache  certificate  howto  openssl  ssl 
november 2006 by jchris
Welcome to CAcert.org
Free server certificates. Goals: Inclusion into mainstream browsers and providing a trust mechanism to go with the security aspects of encryption.
authentication  certificate  openssl  organization  pki  security  trust  x.509 
february 2006 by jchris

Copy this bookmark:



description:


tags: