[EN] Certificate Authority Authorization scotthelme.co.uk/certific…
πŸ‘︎ 2
πŸ“°︎ r/Sysadmin_Fr
πŸ’¬︎
πŸ‘€︎ u/F4FIA
πŸ“…︎ Apr 11 2017
🚨︎ report
DNSimple Introduces Certification Authority Authorization (CAA) Records. A DNS record type that indicates to certificate authorities if they should issue certificates for a domain. blog.dnsimple.com/2017/01…
πŸ‘︎ 2
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/speckz
πŸ“…︎ Jan 04 2017
🚨︎ report
Build a Tiny Certificate Authority For Your Homelab smallstep.com/blog/build-…
πŸ‘︎ 1k
πŸ“°︎ r/homelab
πŸ’¬︎
πŸ‘€︎ u/mjmalone
πŸ“…︎ Dec 23 2020
🚨︎ report
Build a Tiny Certificate Authority For Your Homelab

https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

Anyone try something like this for their homelab? I would love to have https on all of my internal network connections and this would make it much easier

πŸ‘︎ 108
πŸ“°︎ r/HomeServer
πŸ’¬︎
πŸ‘€︎ u/wallacebrf
πŸ“…︎ Dec 25 2020
🚨︎ report
Using Windows Certificate Authority - How can I add SAN name into certificate requests?

For starters, this is a new setup, and I'm completely open to switching to Linux and use openSSL or something of the like. I'm drawn to Windows Certificate Authority because there's a web GUI which will make it easy for my team to get certs for their tools.

Currently, when issuing a certificate using the "Web Server" template, they all issue WITHOUT a SAN name, which of course makes Google Chrome freak out.

I made a registry edit, from here. One of the steps is to add the attribute " san:dns=mydomain.com " to the request. Is there a way I can build that into the Web Server template? Some of the CSRs have SANs in them, but they get dropped when the certificate is generated. I'm wondering if there's a way I can maybe even pull DNS records and auto fill. Does anyone have any experience with this?

Also open to changing to OpenSSL or some other alternative, (bonus points for a web GUI). This is a new setup for us so nothing is issued yet.

πŸ‘︎ 2
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/spitzkingOG
πŸ“…︎ Jan 22 2021
🚨︎ report
Afghan man granted NZ visa despite giving authorities forged police certificate i.stuff.co.nz/national/30…
πŸ‘︎ 33
πŸ“°︎ r/newzealand
πŸ’¬︎
πŸ‘€︎ u/TreeBearOne
πŸ“…︎ Nov 15 2020
🚨︎ report
Build a Tiny Certificate Authority For Your Homelab smallstep.com/blog/build-…
πŸ‘︎ 60
πŸ“°︎ r/raspberry_pi
πŸ’¬︎
πŸ‘€︎ u/ivanjn
πŸ“…︎ Dec 29 2020
🚨︎ report
Build a Tiny Certificate Authority using a Yubikey smallstep.com/blog/build-…
πŸ‘︎ 48
πŸ“°︎ r/yubikey
πŸ’¬︎
πŸ‘€︎ u/kevinds
πŸ“…︎ Dec 25 2020
🚨︎ report
Is there a solid list of Certificate Authority best practices from a reputable source?

I am looking for very high-level best practices for a certificate authority from a reputable source, preferably technology agnostic.

Anyone have a link?

πŸ‘︎ 5
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/CastleCorp
πŸ“…︎ Dec 29 2020
🚨︎ report
Could you have a pilot license if had ASD (Asperger Syndrome) or to be more specific health certificate, does aviation authority know?

Could you have a pilot license if had ASD (Asperger Syndrome) or to be more specific health certificate, do your country national aviation authority would know if you omitted this?

In my country, it's Poland, UrzΔ…d Lotnictwa Cywilnego (ULC) Civil Aviation Authority of Republic Poland, I've always dreamed of being a pilot, although I know I can't afford it yet, it's always good to have some dreams.

But to be able to be a pilot, you first need to obtain a valid EASA ( European Union Aviation Safety Agency,) class 2 health certificate (for amateur flying PPL license) or class 1 (for professional flying (CPL license and higher)).

I read the ICAO guidelines for national airline agencies, and I was curious about Asperger, Asperger's Syndrome, it is not Down's syndrome, after all, maybe this is a bad example because no one chose to be born with a given condition, I read that on, for example, you can be a pilot with a visual impairment, if someone has spare glasses, or if someone has had a laser vision correction, I do not have a vision problem so far. :)

But when I asked in Polish and English-language discussion forums for aviation enthusiasts about such ailments as Asperger's Syndrome, someone wrote to me that in the case of psychological ailments that are not some serious psychiatric diseases, but such defects as Asperger's Syndrome, ADHD, etc I wonder if someone does not tell the whole truth, they will catch it? :-)

πŸ‘︎ 2
πŸ“°︎ r/aviation
πŸ’¬︎
πŸ‘€︎ u/Gay-paul1
πŸ“…︎ Jan 12 2021
🚨︎ report
Help with Windows Certificate Authority configuration for 802.1x + VPN Radius Authentication

Hey Guys,

At the business I work for we just implemented a new 2 tier windows PKI environment which works great. We have plans to utilize this system to beef up security for our Wifi and VPN via the use of Radius. We are just about to roll out auto-enroll for all domain joined computers to get a certificate based on the default "computer" template on our issuing CA. This should allow our domain joined pc's to authenticate to radius easy enough and make management of the certs easy enough on the CA.

The part I'm stuck on is authentication relating to non domain joined IOS and Android clients. What template should be used for these devices when issuing the devices a certificate (computer or user or something else)? To keep things as simple as possible we are planning on manually generating and installing the certs on mobile devices for our company. Currently I am generating these certs based on the "computer" template in LDAP on a domain joined workstation. The issue I am having though is that the certs aren't easily distinguishable on the CA which may make management a little difficult.

How exactly we plan on using these certs is as follows:
- we (IT) generate the certificate itself on a domain joined admin workstation
- we then manually install this newly generated cert on the mobile device (IOS/Andriod)
- we would like this restricted to the MAC address of the mobile device (if possible) to prevent any security vulnerabilities
- we would like some form of distinguishing information present on the CA so we can tell all the certs apart. Currently since I am generating these certs on my domain joined pc, only my pcs information is being shown on the CA associated to the certificates that I generate. If possible I would like to be able to manually enter some piece of unique information during the creation of the certificate that allows easy differentiation between the certs.

Am I going about this properly? Can someone provide their exact CA template configuration/setup? Maybe also provide a step by step for how you guys issue these certs for mobile devices in your business?

Thanks all!

πŸ‘︎ 8
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ“…︎ Dec 25 2020
🚨︎ report
Certificate Authority question

When it comes to Certificate Authorities, we hear of several famous ones like GoDaddy, ZScaler, etc. But who do CA's register with to make them an official CA? Like I heard of Let's Encrypt which basically anyone can use.

In other words, I am trying to obtain a list of legitimate CAs.

when I visit a website, I always check for the CA and although usually they are well known, there are some I never heard of before. I cannot confirm if they are legit or not.

πŸ‘︎ 5
πŸ“°︎ r/techsupport
πŸ’¬︎
πŸ‘€︎ u/jiggy19921
πŸ“…︎ Jan 02 2021
🚨︎ report
iPhone ignoring my home Certificate Authority but iPad works just fine!?

Hello all,

I've had an iPad for a while and installed both my root and intermediate CA on it for a while. Still to this day it's working fine with iPadOS 14.4. I've also installed this CA on my old android and an old iPhone I was trying out.

I have an iPhone 12 mini right now and both the root and intermediate and verified that it's the same as the iPad in every way. But my internal websites are working with my iPad and NOT my iPhone.

When inspecting the cert that Safari it clearly shows my intermediate there but still says my cert is untrusted. From anything I can tell, my cert is being straight up ignored on my iPhone.

I've already gone over the requirements for a CA in Apple's statement and it clearly works on my iPad so I am at a loss.

Has anyone experienced this or solved this?

Thanks

πŸ‘︎ 2
πŸ“°︎ r/HomeNetworking
πŸ’¬︎
πŸ‘€︎ u/Philipose
πŸ“…︎ Jan 26 2021
🚨︎ report
The Prometheus adapter is throwing "x509: certificate signed by unknown authority" in logs

My premethous url certificate is provided my aws.

How can i get the certificate details from AWS. Is there a way to bypass the certificate validation to fetch the custom metrics from premethous using premethous adapter.

Please let me know why i am facing this error. and any solutions/thoughts will be highly appriciated.

πŸ‘︎ 2
πŸ“°︎ r/kubernetes
πŸ’¬︎
πŸ‘€︎ u/cloudgeek09
πŸ“…︎ Jan 21 2021
🚨︎ report
Wikipedia on the topic of certificate authorities says that "trust is usually anchored in a list of certificates distributed with user agent software, and can be modified by the relying party." What does "list of certificates mean"?

Wikipedia subsection I'm referring to. Is "list of certificates" refering to the certificate authorities that issue the certificates, or just the individual certificates itself? If the latter, why would you need to store such a list. Also, what is meant by user agent software?

πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/A_Cinnamon_Babka
πŸ“…︎ Dec 11 2020
🚨︎ report
Considering that the matrix was software, the key maker was the certificate authority.
πŸ‘︎ 10
πŸ“°︎ r/Showerthoughts
πŸ’¬︎
πŸ‘€︎ u/sincerelycelery
πŸ“…︎ Jan 05 2021
🚨︎ report
Same-sex marriage being performed in 1901: Marcela Gracia Ibeas and Elisa SΓ‘nchez Loriga are wed, with Elisa disguising herself, unbeknownst to authorities, as a man with the name "Mario" on the marriage certificate, in Galicia, Spain. [1024 x 1533]
πŸ‘︎ 20k
πŸ“°︎ r/HistoryPorn
πŸ’¬︎
πŸ“…︎ May 04 2020
🚨︎ report
Hypothetical question: What if a major Certificate Authority was breached? What could they do ?

Read an article on 'Lets encrypt', and it had me wondering ( I'm not an expert on Certs ) : What is the CA was infiltrated by a state level power. What could they now do? I'm not sure if my question violates the rules, if so please remove this post, but I think it's important to understand basic vulnerabilities if this is one.

πŸ‘︎ 21
πŸ“°︎ r/privacytoolsIO
πŸ’¬︎
πŸ‘€︎ u/two_wheel_now
πŸ“…︎ Nov 13 2020
🚨︎ report
ADCS (Active Directory Certificate Authority)

I have a DC that have ADCS and want to use its certificate for another DC with another domain Is that possible?

The reason i’m doing this is that both DC have websites on them that depends on some services.

Thanks in Advance

πŸ‘︎ 4
πŸ“°︎ r/PowerShell
πŸ’¬︎
πŸ‘€︎ u/Rebootmyloot
πŸ“…︎ Oct 24 2020
🚨︎ report
Can OpenSSL Act as a Root Certificate Authority?

One of my friends mentioned to me that you can simply use openSSL along with any webserver to act as a certificate authority, is something like this really possible? I've always been under the assumption that a CA was some specialized piece of software. Does it only work in some limited capacity perhaps?

πŸ‘︎ 5
πŸ“°︎ r/selfhosted
πŸ’¬︎
πŸ‘€︎ u/aharmlessloaf
πŸ“…︎ Oct 17 2020
🚨︎ report
Google Certificate Authority Service - What is your take on it?

Google has recently launched CAS , What do you think , will people try to use the services. Any pros /cons ?

πŸ‘︎ 2
πŸ“°︎ r/PKI
πŸ’¬︎
πŸ‘€︎ u/nerdamitg
πŸ“…︎ Oct 29 2020
🚨︎ report
Certificate authority identification

How is a certificate authority identified? I'm thinking they are identified by their IP, but I am not sure. Maybe they use their own self signed certs?

Similarly, does a self signed cert use an IP as it's CA server? Thanks.

πŸ‘︎ 3
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/DereckdeMezquita
πŸ“…︎ Nov 20 2020
🚨︎ report
Google Cloud Certificate Authority Service Webinar

Google Cloud Certificate Authority Service Webinar on Nov 5th 2020

Registration Link: https://www.brighttalk.com/webcast/18359/447916

πŸ‘︎ 3
πŸ“°︎ r/googlecloud
πŸ’¬︎
πŸ‘€︎ u/VS0704
πŸ“…︎ Oct 30 2020
🚨︎ report
ADCS (Active Directory Certificate Authority)

I have a DC that have ADCS and want to use its certificate for another DC with another domain Is that possible?

The reason i’m doing this is that both DC have websites on them that depends on some services.

Thanks in Advance

πŸ‘︎ 5
πŸ“°︎ r/activedirectory
πŸ’¬︎
πŸ‘€︎ u/Rebootmyloot
πŸ“…︎ Oct 24 2020
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.