Can Standalone (online) CA + Subordinate Enterprise CA configuration issue...
The question is purely about whether this config is capable of issuing valid intranet SSL certs (i.e. SSL certs for internally facing sites), and not any other implications or concerns. (The focus of...

Must a valid SSL/TLS certificate include "client authentication" purpose (OID...
In other words, could the missing "client authentication" purpose in our CA-issued SSL cert be the reason it's not trusted by browsers? If so, how do I add that purpose / OID in a CSR (Certificate...

Warning with sending emails from Thunderbird to Postfix using its own CA
I'm asking for help because I simply don't have the strength anymore, I've spent a lot of time and I'm still left with an unsolved puzzle. My problem: I keep getting "Wrong Site" warnings when sending...

Attributes Windows CA templates
Windows Enterprise CA. I have been asked to make the following attributes appear in the certificates: OU, C (country) and O (organization). I have seen that in the certificate template in the "Subject...

OpenVPN Revoke a certificate without the CRT file with Easy RSA
I'm confused, I have an OpenVPN server on Debian. The previous system administrator who was in charge of this server deleted the user certificates (.crt file) with the command "rm -f example.crt"....

OpenSSL error while loading CRLnumber
I am unable to generate a CRL. I am probably missing something in the configuration file. The error I get is "openssl error while loading crl number." CRL config section: [ CA_default ] # Directory and...

Unable to enroll Windows workstation in enterprise CA -...
I have a single machine, out of hundreds, that will not pull a certificate from our enterprise CA when trying to enroll it. The CA shows a failed request with error: DNS name does not exist. 0x800725f2...

Cannot pull images from Kubernetes from a private registry with self-sign...
I created a private registry with a self-signed certificate. If I try to pull the image from it w/o importing the CA into trusted certificates, it will fail. If I try to update trusted certificates...

openssl s_client shows an incorrect certificate chain
On one of my servers belonging to a customer I "suddenly" cannot verify any public TLS certificates. All requests to "the public" fail on an invalid certificate. I can, however, verify certificates...

FreeIPA subject name encoding mismatch when renewing certificate
When reading this question and answer, it seems this should be possible but I need a little more help understanding the answer. Is there a way to change the string format for an existing CSR "Country...

How can I add a CRL to an existing Certificate Authority Certificate?
We have our own CA for internal use that secures about ten servers/services. We don't actually have or need a Certificate Revocation List. But, as we are attempting to set up Dovecot to verify the...

Implementing PKI on an Active Directory domain
I would like to implement a two-tier PKI in a relatively small Windows environment: about 35 users and five virtual servers. Although I have little experience with Linux, I am trying to use XCA on a...

Bluehost - wrong certificate presented by host for API call to Twilio
Bluehost VPS running CentOS, but cat /etc/redhat-release reveals CloudLinux release 6.10 (Final). Executing curl commands against Twilio APIs on my local PC (Win11/IIS/PHP) works fine. When I attempt...

LDAPS certificate isn't working on new server for third parties
About 5-6 years ago I set up LDAPS on my Primary Domain controller. I set up Active Directory Certificate Services (all on the same server), forwarded the port 636 on my firewall, and was able to...

Windows CA Publishing Expired Certs in CRL When not configured to do so
I have a Windows ADDS CA that for some reason is publishing revoked but expired certificates in the CRL and I can't for the life of me figure out why. Here is my configuration: Server 2012 R2; Standalone...

Why doesn't Google Chrome on Mac pick up local Certificate Authority as the...
I have generated a local CA and cert on my Mac, from this walkthrough: https://blog.arrogantrabbit.com/ssl/Root-CA-macOS/ I then provide the certificate/key to nginx local server, that I visit with my...

Multiple certificate chains in a single file
My company has a Windows-based PKI with a single standalone root CA and several subordinate CAs for different audiences/purposes (e.g. two subordinate CAs for user/machine auto-enrollment, an...

How to extract CA Certificate from .pfx file and add it to a trust store file
I have a .pfx file that has multiple certificates, one of them is the signing CA certificate of a server certificate assigned to the IBM i Remote Command Server in DCM. I managed to use openssl and...

Active Directory TLS authentication issue (Windows Server 2019 & 2012 R2)
I am facing AD TLS communication-related issues. Six months ago I could authenticate the user on SSL communication using the CA certificate alone. Currently, I cannot authenticate with a...

Why is certificate request invalid from Exchange 2019?
I am creating a cert request in PowerShell on an Exchange 2019 server as follows: $binrequest = New-ExchangeCertificate -Server "exchange" -BinaryEncoded -GenerateRequest -FriendlyName "Exchange...