Topics related to Public Key Infrastructure (PKI).
For some reason the vast majority of VMware environments we run into continue to utilize the default untrusted self-signed VMware web client front end certificate. Why? Who knows – maybe admins are intimidated by the seemingly daunting procedure of replacing the machine SSL certificate. But let’s face it, daunting or not, any HTTPS website should …
With the upcoming deprecation of TLS-SNI-01, Let’s Encrypt certificate renewals may start breaking for some clients. For more information regarding the TLS-SNI-01 ACME protocol deprecation see Bulletproof TLS Newsletter #37. As per Let’s Encrypt’s recent notification, “It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019”. TLS-SNI-01 validation is reaching …
The other day, a client was deploying a new solution and needed a subordinate (SubCA) certificate for their networking device. The device basically needed to issue its own trusted certificates to clients within the internal network. They already had an internal 2-tier Microsoft CA infrastructure in place. One offline root CA and 2 enterprise subordinate …
Issue Subordinate CA Certificate from Offline Root CA Read More »