Questions tagged [pki]

Public Key Infrastructure is a cryptography system based on X.509 digital certificates, commonly used for encrypted communication and authentication.

OpenSSL and Windows Certificate Authorities are two commonly-used software certification authorities.

228 questions
1
vote
1 answer

Capture and forward extended PKI cert attributes (e.g. UPN) using haproxy

I'm trying to pull an attribute from a client certificate in a mutual authentication scenario and set it as an HTTP header in the request to the backend. See fig 1 below. fig1 [user with correct certificate] | | 1.…
MattPark
1
vote
2 answers

PKI - What is the equivalency of a Registration Authority (RA) in AD Certificate Services?

What is the equivalency of a Registration Authority (RA) in AD Certificate Services? I was reading documentation on TechNet (the best ever, jk) and it had explained that NDES was technically the replacement for an RA. Is this correct?
Matt L.
1
vote
3 answers

TLS 1.2 client hello triggers TCP Reset from 2012 R2

Struggling with a PKI implementation in my lab (ADCS 2012 R2) and cannot for the life of me figure out where I have gone wrong. Got all the way to the point of being able to generate SSL/TLS certs for an IIS server and make the binding. Also used…
Sloan Ozanne
1
vote
0 answers

Apache: Intermediate CA on "dark network" (no internet access)

Background: Apache 2.4 (server) and Windows 7 Internet Explorer (client) using PKI; both machines are on a "dark network" (no internet access). Question: In the SSL handshake, how does the client receive the intermediate CA? Can't it use the…
mellow-yellow
1
vote
1 answer

PKI EJBCA : extract CA from EJBCA instance and just keep sub-CA

I'm looking for a solution to extract the CA from EJBCA instance, put it on an external drive, which is secured in a safe-deposit for instance. So I only keep the sub-ca for signing the end user certificates in the EJBCA instance. Then I would only…
Florent
1
vote
1 answer

Configuring NGINX with a user list http header/user?

I've got an nginx config that does ssl-pki authentication - I'm happily able to authenticate my users. However, I want to take it a bit further - I want to allow/deny access to resources based on the ssl variables - specifically $ssl_client_s_dn…
Sobrique
1
vote
1 answer

Verifying S/MIME signed message with OpenSSL without checking the certificate's purpose

The problem: When I sign a message with a certificate which is used for a HTTPS webserver, OpenSSL does not want to verify it back. Signing a message: echo "TestMessage" | openssl smime \ -sign \ -inkey server-key.pem \ -signer…
ZeWaren
1
vote
1 answer

TLS-PSK vs TLS-PKI

I have read that once TLS-PSK encryption is about equally secure as TLS-PKI. The level of security by both depends on the data entered to configure the encryption. Could you please confirm this? Here are the points I am interested in: What is the…
Bunkai.Satori
1
vote
0 answers

The remote procedure call failed during applying Remote Access Setup Wizard Settings

I have a DirectAccess server with Windows Server 2012 R2 in the DMZ and other services such as Active Directory (located on a subdomain) and the PKI infrastructure in the internal area. And I get this error when I try to apply the setting "Use…
1
vote
2 answers

PKI - Shared accounts and Non-repudiation

I hope this doesn't come across as an idiotic question, but here is the scenario: We have a server 2008R2 domain, using PKI authentication managed through safenet. For a few systems within our domain, due to design restrictions, several users must…
Gravy
1
vote
1 answer

Add issuing CA to online root CA windows 2008 r2

We have an existing internal standalone root CA that issues certificates for our domain mycompany.com. We have multiple certificates installed all over the company from this CA. The problem we're facing is that we have a Cisco VPN that needs to trust…
Cividan
1
vote
1 answer

PKI - Cert Template could not be loaded. This function is not supported on this system

I've built PKIs many times, yet this organization's results have me puzzled. Offline Root 2008 R2 Standard; 2x Enterprise Subordinate CAs 2008 R2 Enterprise. Installed services, all is good. When I go to add v2, v3 templates they aren't available so I…
Paul Ackerman
1
vote
0 answers

iPlanet Authentication provider

Good day. I have stepped into a project that requires a server migration that would change the means of authentication for our CAC/PKI SSL enabled website. We are using iPlanet 7 and Oracle Directory Server Enterprise 7 as our LDAP server. The…
Travis
1
vote
1 answer

What format should the .CER file have in the AIA record of a certificate?

I'm updating the .cer file referenced in my end entity's AIA record. What format should I save the file in? By default Windows allows me to save as: DER encoded binary X.509 (.cer); Base-64 encoded X.509 (.cer). I also have the ability to save as…
makerofthings7
1
vote
1 answer

How to autoenroll certificates from a Certification Authority in a trusted domain?

I have two Active Directory domains in two separate forests, all at Windows Server 2008 R2 functional levels. There is a two-way forest trust between the domains. Domain A contains a Windows Server 2008 R2 Enterprise Root Certification Authority;…
Massimo