ALL
All I Know About Certificates -- Certificate Authority
One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less information about certificates, which are a critical component of TLS/SSL. This series of articles aim to explain what certificates are used for, how Google prevents others from impersonating Google, and why certificate issues frequently arise, among other topics.(Postscript: It took me a full 10 hours to write these articles. It's quite straightforward, with no mathematical content, just a few OpenSSL com...
51,557 1 CLIENTS WEBSITE CERTIFICATE SSL CERTIFICATE
Goodbye Manual Processes, Hello Automation Certificate Lifecycle Management Like It’s Supposed to Be
At the heart of every story lies a villain and a hero. In the never-ending story of certificate lifecycle management, there’s no bigger villain than manual effort. Destructive, irrepressible, and risk-laden, this villain causes nothing but mayhem and loss. Automation, the hero, is the complete opposite of manual effort. Proactive, solution-oriented, and breach-proof, this hero deserves recognition, allegiance, and attention, yet they get none of that from a majority of today’s organizations. It’s time for a script change. Here’s why you should automate your certifi...
1,032 0 DATA SECURITY CERTIFICATE
Certificate is invalid for localhost in Chrome
...
14,741 2 CHROME CERTIFICATE HTTPS LOCALHOST ELASTICSEARCH
Using keytool to create certificate chain
JDK provides a command line tool -- keytool to handle key and certificate generation. This tool has a set of options which can be used to generate keys, create certificates, import keys, install certificate and export certificates etc. In this tutorial, we will show how to create certificate chain using keytool. If you want to understand how to create certificate chain programmably, please refer to Generate certificate in Java -- Certificate chain.To begin, we first generate a key pair which will be used as the CA, ts private key will be used to sign the certificate it issues.keytool -gen...
50,036 1 JAVA KEYTOOL CERTIFICATE CHAIN CERTIFICATE
Generate certificate with cRLDistributionPoints extension using OpenSSL
In an X509 certificate, the cRLDistributionPoints extension provides a mechanism for the certificate validator to retrieve a CRL(Certificate Revocation List) which can be used to verify whether the given certificate is revoked. A cRLDistributionPoints extension can contain one or more DistributionPoints where the CRL can be retrieved from. Each DistributionPoint consists of three fields,each of which is optional:distributionPoint : it contains either a SEQUENCE of general names or a single value. One distributionPoint can contain one or more general names which show w...
36,229 0 EXTENSION OPENSSL CERTIFICATE X509 CRLDISTRIBUTIONPOINT
Generate certificate in Java -- Self signed certificate
This is the first post in this series which I will show you how to generate SSL certificate in Java programmatically. Certificates are frequently used in SSL communication which requires the authentication of server to client. This is to make the client to trust that the server is actually the one it claims. Certificates are really important on the Internet. All HTTPS communications on the Internet need the server side to present their certificates signed by trusted CAs.The basic flow of a request generation is that we first use some tool to generate the certificate request, this certificate r...
57,772 21 JAVA CERTIFICATE X509