[EN] Certificate Authority Authorization scotthelme.co.uk/certific…
👍 2
📰 r/Sysadmin_Fr
👀 u/F4FIA
📅 Apr 11 2017
DNSimple Introduces Certification Authority Authorization (CAA) Records. A DNS record type that indicates to certificate authorities if they should issue certificates for a domain. blog.dnsimple.com/2017/01…
👍 6
📰 r/sysadmin
👀 u/speckz
📅 Jan 04 2017
How are you handling Wi-Fi authentication for environments without an on-prem NPS server or Certificate Authority?

Title. There are some customers that are excellent fits for zero servers and all InTune in other areas, but this is a problem that we've run up against.

SecureW2 seems to be able to do it but I don't know their pricing and they've put it behind a "let's setup a quick call with a salesperson" wall so no thanks.

Azure AD DS and some NPS servers chilling in Azure is a method, but as an MSP I'm not sure how or if that could be multi-tenant capable.

Pushing a long PSK-based profile via InTune isn't a great option because a simple one liner NETSH command can pull the PSK in 1 second.

Ideally, I'd love something that can replicate AD CS automatic certificate enrollment + automatic Wi-Fi network join. The second part of that is simple enough to do with InTune, and InTune can even point devices at a SCEP-capable server.

Thoughts?

👍 43
📰 r/networking
👀 u/jacobjkeyes
📅 Mar 22 2021
Golang - Creating a Certificate Authority + Signing Certificates in Go shaneutt.com/blog/golang-…
👍 127
📰 r/golang
👀 u/devquy
📅 Mar 10 2021
Build a Tiny Certificate Authority For Your Homelab smallstep.com/blog/build-…
👍 1k
📰 r/homelab
👀 u/mjmalone
📅 Dec 23 2020
What does this mean? "A certificate authority is installed on this device. Your secure network traffic may be monitored or modified."

When I swipe down the notification panel, I always have this.

After clicking on it, it shows this

It reads:

>A certificate authority is installed on this device. Your secure network traffic may be monitored or modified.

Is it serious, related to the network provider, and how to remove it?

Thanks for your help in advance.

👍 3
📰 r/AndroidQuestions
👀 u/ArkanEN123
📅 Mar 01 2021
What to write in "Community Certificate Issuing Authority Name"?
👍 2
📰 r/UPSC
📅 Mar 14 2021
Anyone here ever retire a Microsoft Certificate Authority? Trying not to screw up our PKI.

This CA issued certs to devices for low assurance auth. I already have a new CA in place and certs issued to pretty much all devices.

Templates are removed from the old CA and it is not issuing any more certs.

Next is to begin revoking certs from the old CA. Any thoughts? Pitfalls to avoid? I know there is not a lot of detail but any tips would be helpful.

👍 10
📰 r/sysadmin
👀 u/LDAPSchemas
📅 Mar 05 2021
x509: certificate signed by unknown authority

I install telegraf charts with helm v2 but am getting Error: failed to download "influxdata/telegraf". Debug points to x509: certificate signed by unknown authority but I'm not sure how to fix it. *helm repo update* does not help. I can try adding the repo again with the --ca-file option but I'm not sure what cert to use.

```
helm upgrade --install telegraf influxdata/telegraf --namespace monitoring -f telegraf/telegraf-values.yaml --timeout 10 --debug
[debug] Created tunnel using local port: '41475'
[debug] SERVER: "127.0.0.1:41475"
Error: Get https://github-releases.githubusercontent.com/240335934/324fd800-6a30-11eb-83fb-05d8307b92af?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210303%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210303T201252Z&X-Amz-Expires=300&X-Amz-Signature=908f2ae837ec944d10b66b6d64318fff8a5fff96ae39e918d00a5f059ac01764&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=240335934&response-content-disposition=attachment%3B%20filename%3Dtelegraf-1.7.37.tgz&response-content-type=application%2Foctet-stream: x509: certificate signed by unknown authority
```

👍 2
📰 r/helm
👀 u/niuk007
📅 Mar 03 2021
Build a Tiny Certificate Authority For Your Homelab

https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

Anyone try something like this for their homelab? I would love to have https on all of my internal network connections and this would make it much easier

👍 111
📰 r/HomeServer
👀 u/wallacebrf
📅 Dec 25 2020
x509: certificate signed by unknown authority

I created the self-signed certificates (with the domain name as DNS option) like influxdata proposes to do: https://docs.influxdata.com/influxdb/v2.0/security/enable-tls/. Everything works just fine except for Telegraf:

```
2021-02-27T14:40:34Z I! Starting Telegraf 1.17.0
2021-02-27T14:40:34Z E! [telegraf] Error running agent: Error loading config file https://example.com:8086/api/v2/telegrafs/0724b0d721985000: Get "https://example.com:8086/api/v2/telegrafs/0724b0d721985000": x509: certificate signed by unknown authority
```

My telegraf.conf:

```
[[outputs.influxdb_v2]]
  urls = ["https://example.com:8086"]

  ## Token for authentication.
  token = "$INFLUX_TOKEN"

  ## Organization is the name of the organization you wish to write to; must exist.
  organization = "my-organization"

  ## Destination bucket to write into.
  bucket = "my-bucket"

  insecure_skip_verify = true
  tls_ca = "/etc/ssl/influxdb-selfsigned.crt"
```

sudo systemctl status telegraf:

```
Feb 27 15:07:35 influxdata telegraf[590]: 2021-02-27T15:07:35Z E! [outputs.influxdb_v2] when writing to [https://example.com:8086]: failed to write metric: unauthorized: unauthorized access
[agent] Error writing to outputs.influxdb_v2: failed to write metric: unauthorized: unauthorized access
```

I get the same error with or without the 'tls_ca' or 'insecure_skip_verify' variables. Any ideas/suggestions would be greatly appreciated.

SOLUTION: I manually placed the TOKEN in the telegraf.conf and now it is working. The command (the 'telegraf --config ...' command) still isn't working, though, but it is sending the data with TLS so I'm satisfied.

👍 2
📰 r/influxdb
👀 u/OmegaLulPepeBoi
📅 Feb 27 2021
x509: certificate signed by unknown authority

I followed this guide: https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash and everything works just fine except for when I want to use metricbeat (on the same server as my EL and Kibana) to send metrics about EL. I created certificates from the CA from the guide. This is in my instance2.yml file:

```
instances:
  - name: 'metricbeat'
    dns: [ 'metricbeat.local' ]
```

metricbeat.local points to the right IP in /etc/hosts

Any ideas/suggestions? Everything else works just fine.

SOLUTION: I was doing everything right but the certs had root:elasticsearch permissions while they needed root:root permissions for metricbeat! (this guide https://www.golinuxcloud.com/install-configure-metricbeat-monitor-cluster/#Configure_MetricBeat helped me)

👍 5
📰 r/elasticsearch
👀 u/OmegaLulPepeBoi
📅 Feb 26 2021
Issue with providing “certificate-authority” data to Helm deployments during AKS cluster creation with Terraform

edit: Solution/workaround at bottom of post.

Hi there, let me know if there's a better place to ask these sorts of questions. Thanks!

We're using Terraform to deploy AKS clusters to an environment behind a proxy over VPN. Deployment of the cluster works correctly when off-network without the proxy, but errors out on Helm deployment creation on-network.

We are able to connect to the cluster after it's up while on the network using the following command after retrieving the cluster context.

```
kubectl config set-cluster <cluster name> --certificate-authority=<path to organization's root certificate in PEM format>
```

The Helm deployments are also created with Terraform after the creation of the cluster. It seems that these require the certificate-authority data to deploy and we haven't been able to find a way to automate this at the right step in the process. Consequently, the apply fails with the error:

>x509: certificate signed by unknown authority

Any idea how we can get the `certificate-authority` data in the right place so the Helm deployments stop failing? Or is there a way to get the cluster to implicitly trust that root certificate? We've tried a few different things:

  1. Researched if you could automatically have that data in there when retrieving the cluster context (i.e. az aks get-credentials --name <cluster name> --resource-group <cluster RG>)? Couldn't find an easy way to accomplish this.
  2. We started to consider adding the root cert info as part of the kubeconfig that's generated during deployment (rather than the one you create when retrieving the context). The idea is that it can be passed in to the kubernetes/helm providers and also leveraged when running kubectl commands via local-exec blocks. We know that works but that means that we couldn't find a way to automate that via Terraform.
  3. We've tried providing the root certificate to the different fields of the provider config, shown below. We've specifically tried a few different things with cluster_ca_certificate, namely providing the PEM-style cert of the root CA.

Thanks in advance for the help! Let me know if you need any additional info. I'm still new to the project so I may not have explained everything correctly.

edit:

In case anyone finds this later, we ultimately ended up just breaking the project up into two parts: cluster creation and bootstrap. This let us add a local-exec block in the middle to run the `kubectl config set-cl


👍 2
📰 r/kubernetes
👀 u/skarcasm
📅 Feb 26 2021
Afghan man granted NZ visa despite giving authorities forged police certificate i.stuff.co.nz/national/30…
👍 33
📰 r/newzealand
👀 u/TreeBearOne
📅 Nov 15 2020
Just Leaked! Kathleen Kennedy to be awarded certificate by prominent authorities.
👍 11
📰 r/Doomcock
👀 u/Cito_PR
📅 Feb 20 2021
Just Leaked! Kathleen Kennedy to be awarded certificate by prominent authorities.
👍 10
📰 r/Nerdrotic
👀 u/Cito_PR
📅 Feb 20 2021
Just Leaked! Kathleen Kennedy to be awarded certificate by prominent authorities.
👍 5
👀 u/Cito_PR
📅 Feb 20 2021
Build a Tiny Certificate Authority For Your Homelab smallstep.com/blog/build-…
👍 62
📰 r/raspberry_pi
👀 u/ivanjn
📅 Dec 29 2020
Using Windows Certificate Authority - How can I add SAN name into certificate requests?

For starters, this is a new setup, and I'm completely open to switching to Linux and use openSSL or something of the like. I'm drawn to Windows Certificate Authority because there's a web GUI which will make it easy for my team to get certs for their tools.

Currently, when issuing a certificate using the "Web Server" template, they all issue WITHOUT a SAN name, which of course makes Google Chrome freak out.

I made a registry edit, from here. One of the steps is to add the attribute " san:dns=mydomain.com " to the request. Is there a way I can build that into the Web Server template? Some of the CSRs have SANs in them, but they get dropped when the certificate is generated. I'm wondering if there's a way I can maybe even pull DNS records and auto fill. Does anyone have any experience with this?

Also open to changing to OpenSSL or some other alternative, (bonus points for a web GUI). This is a new setup for us so nothing is issued yet.

👍 2
📰 r/sysadmin
👀 u/spitzkingOG
📅 Jan 22 2021
Issue with providing “certificate-authority” data to Helm deployments during AKS cluster creation with Terraform /r/kubernetes/comments/ls…
👍 2
📰 r/AZURE
👀 u/skarcasm
📅 Feb 26 2021
Just Leaked! Kathleen Kennedy to be awarded certificate by prominent authorities.
👍 5
📰 r/NotMyStarWars
👀 u/Cito_PR
📅 Feb 20 2021
Build a Tiny Certificate Authority using a Yubikey smallstep.com/blog/build-…
👍 49
📰 r/yubikey
👀 u/kevinds
📅 Dec 25 2020
Is there a solid list of Certificate Authority best practices from a reputable source?

I am looking for very high-level best practices for a certificate authority from a reputable source, preferably technology agnostic.

Anyone have a link?

👍 4
📰 r/sysadmin
👀 u/CastleCorp
📅 Dec 29 2020
Help with Windows Certificate Authority configuration for 802.1x + VPN Radius Authentication

Hey Guys,

At the business I work for we just implemented a new 2 tier windows PKI environment which works great. We have plans to utilize this system to beef up security for our Wifi and VPN via the use of Radius. We are just about to roll out auto-enroll for all domain joined computers to get a certificate based on the default "computer" template on our issuing CA. This should allow our domain joined pc's to authenticate to radius easy enough and make management of the certs easy enough on the CA.

The part I'm stuck on is authentication relating to non domain joined iOS and Android clients. What template should be used for these devices when issuing the devices a certificate (computer or user or something else)? To keep things as simple as possible we are planning on manually generating and installing the certs on mobile devices for our company. Currently I am generating these certs based on the "computer" template in LDAP on a domain joined workstation. The issue I am having though is that the certs aren't easily distinguishable on the CA which may make management a little difficult.

How exactly we plan on using these certs is as follows:
- we (IT) generate the certificate itself on a domain joined admin workstation
- we then manually install this newly generated cert on the mobile device (iOS/Android)
- we would like this restricted to the MAC address of the mobile device (if possible) to prevent any security vulnerabilities
- we would like some form of distinguishing information present on the CA so we can tell all the certs apart. Currently since I am generating these certs on my domain joined pc, only my pcs information is being shown on the CA associated to the certificates that I generate. If possible I would like to be able to manually enter some piece of unique information during the creation of the certificate that allows easy differentiation between the certs.

Am I going about this properly? Can someone provide their exact CA template configuration/setup? Maybe also provide a step by step for how you guys issue these certs for mobile devices in your business?

Thanks all!

👍 7
📰 r/sysadmin
📅 Dec 25 2020
Could you have a pilot license if you had ASD (Asperger Syndrome) or, to be more specific, a health certificate; does the aviation authority know?

Could you have a pilot license if you had ASD (Asperger Syndrome) or, to be more specific, a health certificate; would your country's national aviation authority know if you omitted this?

In my country, Poland, it's the Urząd Lotnictwa Cywilnego (ULC), the Civil Aviation Authority of the Republic of Poland. I've always dreamed of being a pilot; although I know I can't afford it yet, it's always good to have some dreams.

But to be able to be a pilot, you first need to obtain a valid EASA (European Union Aviation Safety Agency) class 2 health certificate (for amateur flying, PPL license) or class 1 (for professional flying, CPL license and higher).

I read the ICAO guidelines for national airline agencies, and I was curious about Asperger, Asperger's Syndrome, it is not Down's syndrome, after all, maybe this is a bad example because no one chose to be born with a given condition, I read that, for example, you can be a pilot with a visual impairment, if someone has spare glasses, or if someone has had a laser vision correction, I do not have a vision problem so far. :)

But when I asked in Polish and English-language discussion forums for aviation enthusiasts about such ailments as Asperger's Syndrome, someone wrote to me that in the case of psychological ailments that are not some serious psychiatric diseases, but such defects as Asperger's Syndrome, ADHD, etc I wonder if someone does not tell the whole truth, they will catch it? :-)

👍 3
📰 r/aviation
👀 u/Gay-paul1
📅 Jan 12 2021
Certificate Authority question

When it comes to Certificate Authorities, we hear of several famous ones like GoDaddy, ZScaler, etc. But who do CAs register with to make them an official CA? Like I heard of Let's Encrypt which basically anyone can use.

In other words, I am trying to obtain a list of legitimate CAs.

When I visit a website, I always check for the CA and although usually they are well known, there are some I never heard of before. I cannot confirm if they are legit or not.

👍 5
📰 r/techsupport
👀 u/jiggy19921
📅 Jan 02 2021
Same-sex marriage being performed in 1901: Marcela Gracia Ibeas and Elisa Sánchez Loriga are wed, with Elisa disguising herself, unbeknownst to authorities, as a man with the name "Mario" on the marriage certificate, in Galicia, Spain. [1024 x 1533]
👍 20k
📰 r/HistoryPorn
📅 May 04 2020
The Prometheus adapter is throwing "x509: certificate signed by unknown authority" in logs

My Prometheus URL certificate is provided by AWS.

How can I get the certificate details from AWS? Is there a way to bypass the certificate validation to fetch the custom metrics from Prometheus using the Prometheus adapter?

Please let me know why I am facing this error. Any solutions/thoughts will be highly appreciated.

👍 3
📰 r/kubernetes
👀 u/cloudgeek09
📅 Jan 21 2021
Do I need to do anything further when it comes to the Certificate Authority once I’ve enabled VPN server function on Router and exported the Ovpn file to OpenVPN iOS app?

Or is the certificate authority part already taken care of as part of this entire process?

👍 2
📰 r/Asus_Merlin
👀 u/RomanJIsraelBro
📅 Feb 02 2021
iPhone ignoring my home Certificate Authority but iPad works just fine!?

Hello all,

I've had an iPad for a while and installed both my root and intermediate CA on it for a while. Still to this day it's working fine with iPadOS 14.4. I've also installed this CA on my old android and an old iPhone I was trying out.

I have an iPhone 12 mini right now and both the root and intermediate and verified that it's the same as the iPad in every way. But my internal websites are working with my iPad and NOT my iPhone.

When inspecting the cert that Safari it clearly shows my intermediate there but still says my cert is untrusted. From anything I can tell, my cert is being straight up ignored on my iPhone.

I've already gone over the requirements for a CA in Apple's statement and it clearly works on my iPad so I am at a loss.

Has anyone experienced this or solved this?

Thanks

👍 2
📰 r/HomeNetworking
👀 u/Philipose
📅 Jan 26 2021
Wikipedia on the topic of certificate authorities says that "trust is usually anchored in a list of certificates distributed with user agent software, and can be modified by the relying party." What does "list of certificates" mean?

Wikipedia subsection I'm referring to. Is "list of certificates" referring to the certificate authorities that issue the certificates, or just the individual certificates themselves? If the latter, why would you need to store such a list? Also, what is meant by user agent software?

👍 7
👀 u/A_Cinnamon_Babka
📅 Dec 11 2020
Hypothetical question: What if a major Certificate Authority was breached? What could they do ?

Read an article on 'Let's Encrypt', and it had me wondering (I'm not an expert on certs): What if the CA was infiltrated by a state level power? What could they now do? I'm not sure if my question violates the rules, if so please remove this post, but I think it's important to understand basic vulnerabilities if this is one.

👍 24
📰 r/privacytoolsIO
👀 u/two_wheel_now
📅 Nov 13 2020
How are you handling Wi-Fi authentication for environments without an on-prem NPS server or Certificate Authority?

Title. There are some customers we're trying to push to zero servers and all InTune, but this is a problem that we've run up against.

SecureW2 seems to be able to do it but I don't know their pricing and they've put it behind a "let's setup a quick call with a salesperson" wall so no thanks.

👍 5
📰 r/Intune
👀 u/jacobjkeyes
📅 Mar 22 2021
