Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

OpenSSL and Windows Certificate Authorities are two commonly-used software certification authorities.

228 questions
0 votes, 2 answers

AD CS - OID for root and issuing CAs

I am willing to install a Root CA and an Issuing CA with AD CS for my private environment (test purpose). Do I need to obtain public OIDs (i.e. from IANA) or can I skip this requirement since my CAs are private within my domain?
0 votes, 1 answer

save openvpn PKI passphrase

I'm using two servers. VPN Server (A), and Client (B). They are both using Ubuntu. The VPN server was installed using PIVPN: curl -L https://install.pivpn.io | bash How do you save the OpenVPN PKI passphrase, in the .ovpn file? thanks
Ian Arman
0 votes, 1 answer

How to view signatures fulfilling the "Authorized Signatures" option in a Smart Card Logon certificate from a Windows CA

I'm playing with the Windows Server CA role and Smart Card logons. We have a working PKI setup and smart card issuance/logon working. What I'm curious about is the "Require this number of authorized signatures" option in the "Smartcard Logon…
0 votes, 1 answer

StrongswanPKI - Adding status_request or MustStaple TLS extension to certificate?

Using the PKI tool from strongswan to set up a CA. Trying to set up the OCSP side of things, I have run into many issues as per another thread I posted (Strongswan PKI - ED25519 Certificates - OCSP Responder having issues). Now I am looking at how to add…
0 votes, 2 answers

Certificate with SubjectAlternativeName (SAN) gives ERR_CONNECTION_RESET in Google Chrome

There is a non-public-facing application. I am trying to make sure that there are no HTTPS-related warnings/errors. The error I receive after putting the certificate with SAN field (signed by a trusted CA) is that the web application won't load at…
0 votes, 1 answer

What is "COMODO DCV" looking for on my server?

Setup: Apache 2.4, Webmin/Virtualmin. I'm getting my SSL certificate with Let's Encrypt, also using auto renewal. Several hosts with SSL certificates have been created but were deleted several months ago (~2-3 months ago). I regularly get this kind of…
0 votes, 0 answers

How to use public / private x.509 for user authentication with nginx

I have a small nginx web server setup at my house, and access to a CAC and reader. The CAC already has public/private x.509 certificates loaded on it. I can export the certificates no problem. I'm trying to figure out how to store the public…
joel
0 votes, 1 answer

Renewing SubCA Certificate Issue after Renewing Root CA on W2k3

I'm facing an issue renewing the SubCA certificate on Windows 2003. I keep getting this error (see images). I've looked for many solutions and one of them is to copy CLR from rootCA (which is a standalone server) to SubCA server (something like this…
0 votes, 1 answer

Certificate Chain (Self-signed root CA)

I am creating a self-signed Root CA for internal usage, I have decided to use an intermediate certificate. However, I am having issues with Chromium and Firefox 54.0 not trusting the certificate chain. The content is being hosted via Apache 2.4.18…
0 votes, 2 answers

What's the benefit of having a two-tier PKI hierarchy?

According to the way I read the literature, a two-tier PKI hierarchy with an offline root CA provides redundancy and an extra layer of security in case your subordinate CA's private key gets compromised. But how does this work? Let's say I have an…
Wes Sayeed
0 votes, 1 answer

ADCS PKI - Cross-Certification or Bridge CA?

Our company is being acquired by another company and we are curious on the requirements needed to create a cross-certification / bridge CA solution. Cross-Certification is issuing a Cross Certification Auth. certificate to the root CA of Fabrikam…
Matt L.
0 votes, 1 answer

Continuity247 and Sophos TLS errors

Two on-premises Continuity247 (rebadged R1Soft which is Ubuntu-based) servers were on two different LANs which used a Cyberoam CR50iNG and a Sophos XG 85. Both worked absolutely fine. The servers' networking was reconfigured and were moved to…
mythofechelon
0 votes, 1 answer

Replace decommissioned root CA

Backstory Long ago, an MSP: Originally, set up Windows SBS 2003 which was probably the DC and root CA. Presumably much later, set up Windows Server 2008 R2 as a DC and decommissioned Windows SBS 2003 but didn't seem to do a thorough job because the…
mythofechelon
0 votes, 1 answer

Icinga2 rejects new pki certs

I have one Icinga2 master (mon-master) and one Icinga2 client (cl0). Both are Icinga2 v2.6.3. Today I successfully ran 'icinga2 node wizard' on cl0 but there seems to be something wrong with the certs. When I attempt to start Icinga2 on cl0 I…
mr.zog
0 votes, 1 answer

Parallel PKI hierarchy Setup With ADCS

I am very new to ADCS, and have a challenge to migrate our old Tier-2 PKI to SHA-256. As we were suggested to set up a parallel SHA-2 CA, I am not getting any idea how to go ahead with it. I can create an offline Root CA with SHA-2, but then how do…