Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

OpenSSL and Windows Certificate Authorities are two commonly-used software certification authorities.

228 questions
1 vote, 1 answer

Word document signing - extremely long wait verifying signatures

Our users all have Office 2016 (365 subscription version). We have our own internal MS certificate authority with signing certificates issued to each user. I have a document in Word with 2 signature fields. One person signs it with their…
Grant
1 vote, 1 answer

Strongswan PKI - ED25519 Certificates - OCSP Responder having issues

I am trying to set up an OCSP for the certificates generated out of strongswan PKI - using it as a CA. If I try to use openssl it just throws out Can't open index.txt.attr for reading, No such file or directory Tried re-doing the certificate line.…
shinooni
1 vote, 0 answers

SSH Gateway Pass-through Authentication

We are looking to configure a 'transparent' SSH gateway that passes authentication on to an upstream SSH server based upon the username in the SSH request. All users will be using public key authentication, no passwords. We'd like for the applicable…
hermetik
1 vote, 1 answer

CA certificate name constraints issue with regard to Common Name (CN=)

Can someone please confirm (or better still tell me a way I can achieve the following if it is at all possible) my understanding/issue I use a Microsoft CA (Domain Joined) from what I have read here and on other blog posts I cannot use name…
1 vote, 1 answer

Group security permissions for certificate template not working

I have a certificate template published on my domain-joined Server 2016 Enterprise CA - I'm trying to set up certificate autoenrollment for our internal webservers. When the template has read/enroll/autoenroll permissions granted directly to a…
1 vote, 0 answers

Issue certificate to IP address in AD CS

We're trying to get a Sophos XG 210 to connect via LDAPS to an Active Directory Domain Services (AD DS) / Domain Controller (DC) server but doing so fails with the following two errors: Device - AD server connectivity test failed Connectivity to…
1 vote, 1 answer

Block Subject Alternative Names in ADCS

I am managing a Windows 2008 ADCS CA and have been aware of the security risks in issuing certificates with SANs. So I tested issuing a PKCS10 file with SANs in the request and it issued the certificate with the SANs when it's supposed to be…
1 vote, 1 answer

Active Directory Certificate Services CEP/CES won't show templates added to CA

I am running this on Server 2016, domain is 2012r2, client computers are Win10 and Win7. I have a two-tier PKI infrastructure (offline root) that I recently set up, and I have had no issues with most of the configuration. The issue that I currently…
Joseph Alcorn
1 vote, 1 answer

certmonger save chained certificate for nginx

We use certmonger to issue certs for backend systems, this works fine for apache but with nginx I must specify a chained cert. getcert request -f /etc/pki/tls/certs/$(hostname).crt -k /etc/pki/tls/private/$(hostname).key -r -F…
Jacob Evans
1 vote, 1 answer

DirectAccess and renewing SSL with new PKI?

We have deployed DirectAccess in our network for our Windows 7/10 clients which works great. The issue is, the DA server/client certificates are based on an internal PKI we are retiring; we have built another PKI (two-tier, offline rootca and…
user146882
1 vote, 0 answers

Unable to generate and import user certificate from ADCS in Chrome

We are using Certificate Based Authentication using ADCS. So in order for a user to access an internal website, they need their own signed certificate. With ADCS, the user gets their signed certificate in the form of CRT files (user1.crt) which they can…
zealvora
1 vote, 0 answers

java.security.KeyStoreException: TrustedCertEntry not supported

I am trying to secure my private docker registry using SSL encryption. According to this, I need to copy a .crt and .key to a /certs directory and it will work. What I have now is a .csr, .keystore and .cer and a root ca, intermediate certificate.…
saurg
1 vote, 2 answers

Two factor authentication for password login but not for login using keys files

I configured ssh to use key files situated in ~/.ssh to log in. Now I'd like to install two factor authentication when using a password, but not required when using key files. I've seen how to install two factor authentication here: DigitalOcean:…
Nicox11
1 vote, 1 answer

let's encrypt certificates vs squid transparent proxies

I have an issue with setting up a transparent Squid proxy on a pfsense firewall. I created a CA for HTTPS MITM, installed it in my browser and it works with most websites. However, sites like ubuntuusers.de that use a Let's Encrypt certificate seem to…
user6329530
1 vote, 0 answers

Pulling Subject Alt Name - Apache Reverse Proxy PIV CAC Authentication

I have created an apache 2.2 reverse proxy running on red hat. This proxy will need to accept a client certificate, pull the needed information, and pass that along to an application running locally within the header. NameVirtualHost…