kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011:

I saw this line in my dmesg. Why is there a X.509 Cert from Microsoft in a linux machine?

Any ideas?

πŸ‘︎ 5
πŸ“°︎ r/linuxquestions
πŸ’¬︎
πŸ“…︎ Nov 08 2020
🚨︎ report
[744 x 509]Scharnhorst seen during the operation against Spitsbergen Norway Sept 1943
πŸ‘︎ 251
πŸ“°︎ r/WarshipPorn
πŸ’¬︎
πŸ‘€︎ u/Tsquare43
πŸ“…︎ Sep 14 2020
🚨︎ report
Cheapest Smart Card for use with Windows (X.509 Certificate) [Windows "Hello" / TPM / BitLocker]

Hi All,

I want to use a Smart Card for Login purposes (Windows). There for it needs to store a X.509 Certificate.

  1. What are the (minimum) Standards that such a Card needs to fulfil?
  2. How to transfer the Certificate to the Smart Card? (I would imagine with a management software from the Smart Card vendor?)

I know this Card here should work :

https://www.amazon.com/PIVKey-C980-Enterprise-Smart-Card/dp/B01JQRA2JG/ref=sr_1_4?dchild=1&keywords=smartcard&qid=1602103236&sr=8-4

I ask myself if there are cheaper compatible Smart Cards around that would work for the purpose of being easy writeable and can keep a self-signed X.509?

πŸ‘︎ 6
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/dustfish
πŸ“…︎ Oct 07 2020
🚨︎ report
[744 x 509]Scharnhorst seen during the operation against Spitsbergen Norway Sept 1943
πŸ‘︎ 12
πŸ“°︎ r/GermanWW2photos
πŸ’¬︎
πŸ‘€︎ u/Tsquare43
πŸ“…︎ Sep 14 2020
🚨︎ report
This picture is taken in The Netherlands during WW2. It shows the entrance of a swimmingpool in Krimpen aan de Lek, with the sign β€œJews not allowed”. Taken in 1941. [720 x 509]
πŸ‘︎ 72
πŸ“°︎ r/HistoryPorn
πŸ’¬︎
πŸ‘€︎ u/willem0180
πŸ“…︎ Apr 11 2020
🚨︎ report
Service to Service Authorization in Go Using X.509 Certificates regeda.me/posts/2020-10-2…
πŸ‘︎ 3
πŸ“°︎ r/golang
πŸ’¬︎
πŸ‘€︎ u/regeda
πŸ“…︎ Oct 29 2020
🚨︎ report
[Amazon.ca] ANYCUBIC 3D Printer, MEGA X 509.99 (was 599.99)

Link:
Β Β Β Β  https://www.amazon.ca/ANYCUBIC-Printer- … 9B8GQ65623
Price:
Β Β Β Β 509.99
Discount:
Β Β Β Β 15%
Expires:
Β Β Β Β November 22, 2020
Retailer:
Β Β Β Β Amazon.ca

Looks to be a good deal, almost 100$ off, comes with 1kg filament, good reviews, easy to put together and a solid machine by my research

Edit: Lightning deal

Amazon product: ANYCUBIC 3D Printer, MEGA X FDM Printer Kit with Resume Print and Free 1kg PLA Filament, DIY Printer Works with TPU/PLA/ABS, Large Size 300X300X305mm
Customer Reviews:
Well packaged, easy to set up. It took me under an hour to assemble and calibrate! | I am really amazed by the quality of the printer. | It does a nice quality print. | I had best results using these slicer settings. | Speed <60ms i usually use 50ms for final prints. | Temperature for PLA: 220F Higher is better for layer adhesion (watch out for bubbling) varies per brand and colors. 220 is usually good. | Layer height 1.5-2.5 for the stock nozzle 1.5 for quality 2.5 for test prints. | I suggest you experiment with PLA first as it is an easy material to print. | Then move to PETG ABS… | Also PLA is cheaper so I like to make my test part with it. | I recommend this printer to any hobbyists | It’s easier than it seems and there are million of free files to download and print in a few clicks

Image:

Link:
Β Β Β Β https://www.amazon.ca/ANYCUBIC-Printer- … 9B8GQ65623

πŸ‘︎ 2
πŸ“°︎ r/ShopCanada
πŸ’¬︎
πŸ‘€︎ u/DealsCanada
πŸ“…︎ Nov 22 2020
🚨︎ report
What exactly is PKCS7/CMS and how are they different from x.509

I am really confused over PKCS. I am trying to understand what exactly PKCS and in extension what CMS is. I understand that PKCS was the initial specification and then it was handed over to IETF, and then evolved to CMS.

This part is the only part that is not confusing. Everything else is confusing! Perhaps someone can help clarify? :)

I stumbled on the line from the RFC 5652 defining CMS:

>This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content.

How can a syntax be used to digitally sign stuff?!! I can understand if it states it is a syntax used to describe digitally signed stuff...but signing? how can a syntax be used to sign?

This all tie into my confusion with PKCS/CMS and x509. I understand that x509 is a standard that describes what should make up a certificate, how is this different from PKCS/CMS?

Can an example be given of PKCS/CMS? Maybe this will help me understand better!

Edit:

The Wikipedia entry for CMS does not also help. For example it says:

>It [CMS] can be used by cryptographic schemes and protocols to digitally sign, digest, authenticate or encrypt any form of digital data.

Okay is CMS an encryption algorithm like RSA? No!! so why then say it is a protocol used to digitally sign or encrypt stuff?

πŸ‘︎ 10
πŸ“°︎ r/cryptography
πŸ’¬︎
πŸ‘€︎ u/finlaydotweber
πŸ“…︎ Apr 16 2020
🚨︎ report
GloblaProtect Portal X.509 reverted to deleted X.509 weeks later

I replaced my X.509 wildcard certificate 3/7/2020 because it was expiring 3/9/2020. I imported the PFX and changed the SSL/TLS Certificate Profile. I verified the CA and intermediate were in place and the certificate is currently listed as valid.

I verified both of my GlobalProtect portals and all three Gateways were using the same SSL/TLS Service Profile. I tested the Portal webpages and checked the certificates showed the new certificate chain with new expiration of 2021. I deleted the old certificate and committed the changes.

Today the portals are showing the deleted certificate that is expired. No one is able to connect. This has been working fine for two weeks.

This is a PAN-850 running PAN-OS 9.0.6 with Global Protect 5.0.7. Panorama is running 9.0.6.

I have IP addresses on all my portals and Gateways.

https://live.paloaltonetworks.com/t5/General-Topics/Global-Protect-presents-wrong-TLS-certificate-of-another-portal/m-p/302642#M78858

I opened a case on the Palo Alto Networks support site. The support site would only let me pick my PAN-220-LAB. Lab devices have 8x5 support not 24x7 support, Big WTF on support portal. I am using a PAN-850 with full support. I called into support and cannot get to a person to tell them this is a PAN-850 with support. I cannot wait until Monday. My SE has not answered any of my emails since November.

I am getting ready to start power cycling, factory resetting, and replacing.

πŸ‘︎ 3
πŸ“°︎ r/paloaltonetworks
πŸ’¬︎
πŸ‘€︎ u/joefleisch
πŸ“…︎ Mar 21 2020
🚨︎ report
Exporting non-exportable private keys and X.509 certificates in Windows

Ran into this question a few times:

Windows has an installed certificate and private key, but the private key is marked as non-exportable, even as administrator I cannot get it to export.

Is there any way to still export it?

Yes there is. Provided the private key is not on a TPM or smartcard, this tool will allow you to export any certificate and private key, even when its marked as non-exportable:

https://github.com/iSECPartners/jailbreak

πŸ‘︎ 247
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/Mike22april
πŸ“…︎ May 18 2020
🚨︎ report
X.509: The Impending Doom of Expiring Root CAs and Legacy Clients scotthelme.co.uk/impendin…
πŸ‘︎ 125
πŸ“°︎ r/programming
πŸ’¬︎
πŸ‘€︎ u/pdp10
πŸ“…︎ Jun 17 2020
🚨︎ report
Linux Mint works great, this pops on boot: 0.67765 integrity: Problem loading x.509 certificate -65

Linux mint is working flawlessly but this pops for an instant while booting, should I be worried ? (mint 20, didn't happen with mint 19).

πŸ‘︎ 11
πŸ“°︎ r/linuxmint
πŸ’¬︎
πŸ‘€︎ u/itzGuishe
πŸ“…︎ Aug 03 2020
🚨︎ report
Looking for the Perfect Dashboard: InfluxDB, Telegraf, and Grafana - Part XX (Monitoring SSL Certificates x.509) jorgedelacruz.uk/2020/02/…
πŸ‘︎ 7
πŸ“°︎ r/influxdb
πŸ’¬︎
πŸ‘€︎ u/jorgedlcruz
πŸ“…︎ Feb 11 2020
🚨︎ report
X.509 Certificate error

I have performed a clean install of Tumbleweed and every time I boot I see this error: "integrity : problem loading x.509 certificate -65" I looked for the reasons why it happens and I found that the problem is caused by a UEFI certificate. If I run "mokutil --db" the last key is unknown. So is there a way that I can remove the certificate?

πŸ‘︎ 5
πŸ“°︎ r/openSUSE
πŸ’¬︎
πŸ‘€︎ u/2ndemosthenes
πŸ“…︎ May 16 2020
🚨︎ report
How to set up X.509 / 802.1X certificate authentication on my WiFi networK?

Hey there... So I have been playing around with X.509 certificates and I started my own certificate authority in my homelab. I got my devices to trust my CA root certificate. Now I'd like to be able to do WPA2 Enterprise on my WiFi network, with EAP-TLS (which I think is supported by a lot of devices at this point).

I'm sure this project will involve setting up a FreeRADIUS server.

My hunch is that the big challenge here will be getting client certificates to devices. For example, I'd love to be able to issue short-lived client certificates to guests when they come over, maybe via a captive portal?

Whatever I do, it's probably not going to be as easy as having them open the camera on their phone and point at a QR code with my WiFI info on it. But I'd love to make it as easy as possible. Has anyone set something like this up? Is EAP-TLS the best option? (I know there's EAP-PEAP and EAP-TTLS also.) Any tips or resources?

πŸ‘︎ 2
πŸ“°︎ r/homelab
πŸ’¬︎
πŸ‘€︎ u/thumb_piano
πŸ“…︎ Jul 23 2020
🚨︎ report
Seriously? Cisco put Huawei X.509 certificates and keys into its own switches zdnet.com/article/serious…
πŸ‘︎ 163
πŸ“°︎ r/security
πŸ’¬︎
πŸ‘€︎ u/stereomatch
πŸ“…︎ Jul 05 2019
🚨︎ report
[750 x 509]USS Oregon (BB-3) as Portland, Oregon, 1941-1942 in her final days as a museum ship. imgur.com/0tWvNU6
πŸ‘︎ 38
πŸ“°︎ r/WarshipPorn
πŸ’¬︎
πŸ‘€︎ u/Tsquare43
πŸ“…︎ Jun 15 2020
🚨︎ report
Looking for the Perfect Dashboard: InfluxDB, Telegraf, and Grafana - Part XX (Monitoring SSL Certificates x.509) jorgedelacruz.uk/2020/02/…
πŸ‘︎ 18
πŸ“°︎ r/grafana
πŸ’¬︎
πŸ‘€︎ u/jorgedlcruz
πŸ“…︎ Feb 11 2020
🚨︎ report
After the bombs, Dresden. 1945. (800 x 509).
πŸ‘︎ 49
πŸ“°︎ r/HistoryPorn
πŸ’¬︎
πŸ‘€︎ u/Dhorlin
πŸ“…︎ Feb 22 2020
🚨︎ report
Unable to boot ("integrity: problem loading x.509 certificate")

When I try to boot I get sent to emergency mode with the following error at the top. I have tried UEFI boot mode with secure boot disabled, but no difference. When I switch to legacy mode I get "pxe-media test failiure", and don't even get into emergency mode. I switched back to UEFI. There was this one time when I randomly repeatedly just did "systemctl default" to exit emergency mode and it worked (logged in and everything), but can't reproduce it.

At this point I was afraid that my drive had failed so I did a badblocks test (sudo badblocks -sv <drive>). I have a primary SSD with my OS Ubuntu, and a secondary HDD. My SSD showed no errors. My HDD is quite big and I didn't have the patience to let badblocks do its thing, but there seems to be at least 17 badblocks (at 5% in). However, since my OS is on my SSD I cannot see how this would stop me from booting.

Edit1: Ok I was booting my laptop on my USB and got a notification saying that my secondary HDD was "about to fail soon". So I guess it solves that? But as I stated earlier, my OS is on my primary SSD so Idk why it would affect my booting. However, I migrated my home folder (and consequently a few other stuff over the years) to my secondary drive to save space, so perhaps something essential got shifted to my HDD? IDK still seems weird to me.

Edit: Another thing is, I have a way to safely backup my files, so erasing and reinstalling ubuntu is an option for me. Given that, would that be something that could solve this problem if all else fails?

πŸ‘︎ 5
πŸ“°︎ r/linuxquestions
πŸ’¬︎
πŸ‘€︎ u/InitialOcelot2
πŸ“…︎ Apr 18 2020
🚨︎ report
Beginner questions about x.509 certificates

Hey everyone

I'm very new to all of this, but I'm interested in understanding what x.509 is and how to understand the data from such a certificate.

I'd like to know how to see what port the certificate was served, how I can see the trust anchor and how I would go about making a certificate signing request.

I hope someone can help me with this!

πŸ‘︎ 3
πŸ“°︎ r/AskNetsec
πŸ’¬︎
πŸ‘€︎ u/TTrui
πŸ“…︎ Aug 07 2019
🚨︎ report
X.509 compliant PKI Digital Certificate for TX Online Notary

Hoping this is the right sub!!! (Please please please.) I’m looking for a Digital Certificate that meets the requirements for TX Online Notary... but the state cannot refer me to a provider.

Requirements: Issued by a third party provider Must use PKI Must be X.509 compliant When affixed to a document, must render any subsequent changes as evident

Many thanks, /Crypto!

++++++++ updated ++++++++

I did get a returned call from IdenTrust and they claim that their β€œIGC Basic Assurance” digital certificate meets the minimum requirements. What the heck. If it doesn’t work, then I’ll let AMEX go to bat for me.

Thanks, /Crypto!

πŸ‘︎ 2
πŸ“°︎ r/crypto
πŸ’¬︎
πŸ‘€︎ u/Daddeh
πŸ“…︎ Mar 19 2020
🚨︎ report
x.509 client certificate login procedure

Hey, I hope this is the right subreddit for my question.

We need to implement login using client certificate for one of our projects and I am not sure what data from cert. should be saved to identify a user. We will be using not-self-signed certificates.

My guess would be to store cert's serial number as UID and connect it to a user. Is that correct?

What happens when cert. becomes expired or is close to expiration date?
Thanks!

πŸ‘︎ 2
πŸ“°︎ r/AskNetsec
πŸ’¬︎
πŸ‘€︎ u/Pavlic
πŸ“…︎ May 07 2019
🚨︎ report
Looking for technically accurate information on PKI, TLS, X.509 et al. that is easy to digest? Look no further.

https://smallstep.com/blog/everything-pki.html

I stumbled over this article on Hackernews today, and only began reading it to post some wise-ass corrections on technical subtleties in the comments. Well, that did not work out as planned.

If you ever felt like you should know more about this crypto (the proper kind - not fantasy money that accelerates climate change and makes GPUs unaffordable) stuff, read this. And even if you think you already know enough about this crypto stuff, you should probably read it anyway; it's just really good :)

πŸ‘︎ 40
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/c0l0
πŸ“…︎ Dec 14 2018
🚨︎ report
Re: Dell computers shipping with a Dell root CA, can we have a conversation about the huge number of CAs and how the X.509 model is fundamentally broken?

For reference:

http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authenticity/

https://ma.ttias.be/the-broken-state-of-trust-in-root-certificates/

https://hexatomium.github.io/2015/06/26/ms-very-quietly-adds-18-new-trusted-root-certs/

http://it.slashdot.org/story/15/03/24/1730232/chinese-ca-issues-certificates-to-impersonate-google

http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/

Why the fuck does my browser ship with a root CA that trusts the government of China? Who are all these CAs? Why am I trusting some company I've never heard of in India or Tunisia? How did we end up in this mess?

πŸ‘︎ 79
πŸ“°︎ r/linux
πŸ’¬︎
πŸ‘€︎ u/walrus01
πŸ“…︎ Nov 23 2015
🚨︎ report
X.509 Certificate Tutorial: A SysAdmin Guide adamtheautomator.com/x-50…
πŸ‘︎ 6
πŸ“°︎ r/SysAdminBlogs
πŸ’¬︎
πŸ‘€︎ u/adbertram
πŸ“…︎ Nov 21 2019
🚨︎ report
X.509/TLS/SSL Cert for Internal DNS Server

Hello /sysadmin/,

Disclaimer: I am a network engineer and I rarely deal with the ins and outs of servers. I may be asking stupid questions here.

So one of our clients had a security audit performed on their internal assets. We were provided a report with remediation steps, some of which are very vague. One of the items I am failing to understand is obtaining X.509 certificates. I have a generally good understanding of how certificates work, how to obtain one from a CA, etc. I am trying to understand the practical use in this scenario.

This organization only has an internal DNS server, a backup DNS server, a NAS, and user machines on the LAN. There is no transaction data originating or being sent to the servers. They are not hosting a website on their servers, either.

Based on the recommendations, this organization needs to purchase a certificate for their local machines. This brings me to the question: What devices need a certificate and why? Under Certificates > Local Computer, which area am I installing this certificate? What is being signed here? SMB traffic?

I apologize if this is too vague. I am a bit frustrated with this.

πŸ‘︎ 15
πŸ“°︎ r/sysadmin
πŸ’¬︎
πŸ‘€︎ u/fodderjohnny
πŸ“…︎ Oct 22 2017
🚨︎ report
An Ambrosini SAI. 207 light fighter of the Regia Aeronautica [1200 x 509]
πŸ‘︎ 46
πŸ“°︎ r/WWIIplanes
πŸ’¬︎
πŸ‘€︎ u/Lavrentio
πŸ“…︎ Apr 17 2018
🚨︎ report
Cisco put Huawei X.509 certificates and keys into its own switches zdnet.com/google-amp/arti…
πŸ‘︎ 50
πŸ“°︎ r/hardware
πŸ’¬︎
πŸ‘€︎ u/eric98k
πŸ“…︎ Jul 06 2019
🚨︎ report
Unable to boot ("integrity: problem loading x.509 certificate")

When I try to boot I get sent to emergency mode with the following error at the top. I have tried UEFI boot mode with secure boot disabled, but no difference. When I switch to legacy mode I get "pxe-media test failiure", and don't even get into emergency mode. I switched back to UEFI. There was this one time when I randomly repeatedly just did "systemctl default" to exit emergency mode and it worked (logged in and everything), but can't reproduce it.

At this point I was afraid that my drive had failed so I did a badblocks test (sudo badblocks -sv <drive>). I have a primary SSD with my OS Ubuntu, and a secondary HDD. My SSD showed no errors. My HDD is quite big and I didn't have the patience to let badblocks do its thing, but there seems to be at least 17 badblocks (at 5% in). However, since my OS is on my SSD I cannot see how this would stop me from booting.

Edit1: Ok I was booting my laptop on my USB and got a notification saying that my secondary HDD was "about to fail soon". So I guess it solves that? But as I stated earlier, my OS is on my primary SSD so Idk why it would affect my booting. However, I migrated my home folder (and consequently a few other stuff over the years) to my secondary drive to save space, so perhaps something essential got shifted to my HDD? IDK still seems weird to me.

Edit: Another thing is, I have a way to safely backup my files, so erasing and reinstalling ubuntu is an option for me. Given that, would that be something that could solve this problem if all else fails?

πŸ‘︎ 3
πŸ“°︎ r/linux4noobs
πŸ’¬︎
πŸ‘€︎ u/InitialOcelot2
πŸ“…︎ Apr 18 2020
🚨︎ report

Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.