Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

Public Key Infrastructure is a cryptography system based on X.509 digital certificates.

OpenSSL and Windows Certificate Authorities are two commonly-used software certification authorities.

228 questions
0
votes
1 answer

Root CA certificate missing from chain but only in IE, Chrome is fine

Does anyone have any idea why the root CA certificate is completely absent (not just present but untrusted) from the HTTPS chain but only in Internet Explorer? The certificate is installed as a trusted root CA, Google Chrome is fine, and both IE and…
mythofechelon
  • 905
  • 3
  • 24
  • 42
0
votes
1 answer

RDP and GPO setting Server Authentication certificate template (Microsoft Windows Server 2016)

We want to force Remote Desktop to use a certificate based on a particular named template rather than using a self-signed certificate. This works in forests with a Certificate Authority server, but not in forests that do not have their own CA…
Jon Pennycook
  • 3
  • 4
0
votes
2 answers

Windows Certificate Templates CSP certificate with Exportable Private Key

I recently created a certificate for a developer using a certificate template. The template was based from an existing one which I believe is based on CNG.I was able to export the private key, but the developer said that it needed to be CSP. After…
RLBChrisBriant
  • 595
  • 1
  • 7
  • 22
0
votes
1 answer

What is the best method for adding RSA Key Fingerprints to known_hosts upon provisioning each server?

This question was inspired by this thread The hypothetical scenario, for context is as follows: SSH servers, whether they be routers, firewalls etc. are all firstly provisioned within a private + secure environment before being deployed. The SSH…
Inquisitive
  • 103
  • 2
0
votes
1 answer

I have an internal PKI with a shared root CA, and multiple intermediate CAs, how do I make anything issued by any intermediate CA to trust everything?

Situation: I have an internal PKI with a shared root CA, and multiple intermediate CAs. I want anything issued by any intermediate CA to all trust each other. Is there a way to do this that most programs/languages will be happy with? My present…
chucky_z
  • 51
  • 4
0
votes
1 answer

number of crl certificate(s) or pem certificate(s) present in p7s file

Q. How can we find out the number of CRL files or number of PEM files that can be generated from a P7S file? I understand ( from here ) that the data that is contained in a P7S file is nothing but the encoded(in ASN1, DER format) data of PEM…
csavvy
  • 125
  • 4
0
votes
1 answer

I have to take rdp session into two different servers in succession before I can take rdp to the PKI server - Automate this?

Is it possible to write a powershell script that executes on my laptop and copy data from pki server back to my laptop.? If yes How would one proceed to do so? Right now all this is done manually. What kind of permissions would I need. I have all…
cypherphage
  • 13
  • 2
0
votes
1 answer

vsftp has a bug with Fedora 32 - how do I report it: 500 OOPS: SSL: cannot load RSA private key vsftpd

Just to be clear, this is as of Fedora 32, and vsftpd-3.0.3-36.fc32.x86_64 for vsftpd. This is NOT the same problem as previously was reported here, but it has the same outward appearance and, indeed, the answer(s) there were helpful in my figuring…
Richard T
  • 1,206
  • 12
  • 29
0
votes
0 answers

Cannot reach HTTPS page with self-signed server certificate and DoD CA certificates

I'm attempting to create a local web server using Flask, a Python microframework, that uses the PKIs on a DoD CAC. I've created the self-signed root CA and server certificate and key following this set of instructions. I then downloaded the…
pstatix
  • 111
  • 2
0
votes
0 answers

This computer can't connect to the remote computer. Unknown key usage (1.3.6.1.4.1.311.54.1.2)

I'm unable to RDP to a server on our child domain after adding a Remote desktop certificate that is signed by one of our Certificate authorities. We have intentionally removed the self-signed RDP certificate and when I attempt to connect via RDP I…
redhatsamurai
  • 3
  • 7
0
votes
0 answers

ADCS Change AIA information from existing certificate

We have built a tier 2 PKI. Recently we decided to start hosting our CDP & AIA on a seperate webserver. However this was not originally in the design, so now we have problems with the certificate chain as the webserver is included on the Root…
kevin rennenberg
  • 73
  • 1
  • 13
0
votes
0 answers

Icinga PKI Agent-Satellite-Master

According to the documentation on https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/, all nodes in an Icinga Monitoring need to have one CA which is on the master node. But I think, I miss something here, because the agent is…
TRW
  • 488
  • 3
  • 16
0
votes
0 answers

Windows CA Migration - Testing the Backup

I need to migrate our Certificate Services from one server to a new one. I am following a guide and there is the stage where you backup the old CA. How do you test that backup? I want to be able to check that backup is going to work before…
RLBChrisBriant
  • 595
  • 1
  • 7
  • 22
0
votes
1 answer

Ubuntu requires subordinate CA as well as Root CA

I have an environment with a root CA and a subordinate CA. my environment is mixed. I have both windows and Linux (Ubuntu 18) servers. On the windows machines it is enough to add the root CA to the trusted root certificates store, and from there on…
GKman
  • 495
  • 3
  • 9
  • 16
-1
votes
2 answers

I'm not sure which files I should generate from the bundle certificate, anyone knows?

I've bought a new wildcard certificate and got a zip file which contains the follow files: star.domain.com.crt star.domain.com.ca-bundle star.domain.com.p7b The service provider which requires the certificates wants that I'll send him the new…
Itai Ganot
  • 10,644
  • 29
  • 93
  • 146
1 2 3
15
16