Search Results
| Search type | Search syntax |
|---|---|
| Tags | [tag] |
| Exact | "words here" |
| Author |
user:1234 user:me (yours) |
| Score |
score:3 (3+) score:0 (none) |
| Answers |
answers:3 (3+) answers:0 (none) isaccepted:yes hasaccepted:no inquestion:1234 |
| Views | views:250 |
| Code | code:"if (foo != bar)" |
| Sections |
title:apples body:"apples oranges" |
| URL | url:"*.example.com" |
| Saves | in:saves |
| Status |
closed:yes duplicate:no migrated:no wiki:no |
| Types |
is:question is:answer |
| Exclude |
-[tag] -apples |
| For more details on advanced search visit our help page | |
Results tagged with x.509
Search options not deleted
user 64135
X.509 is a standard for a public key infrastructure used for authentication and access control. X.509 specifies standard formats for certificates, revocation lists, attribute certificates, and path validation.
1
vote
Accepted
How are X.509 certificate revoked?
If you are using a standard protocol to enrol, then that protocol may also have the ability to revoke (e.g. ACME protocol does, and so does CMC).
Otherwise, you should read their CPS (section 4.9) and …
- 1,694
3
votes
Accepted
How can I recover the full certificate chain knowing the final X.509 certificate?
The Authority Key Identifier (AKI) extension in a certificate points to the signing key, which should be unique to a CA certificate.
From RFC 5280 Section 4.2.1.1:
The authority key identifier extens …
- 1,694
1
vote
Accepted
Which attribute in DN is commonly used to specify the class/type/usage of certificate/end-en...
That depends on the software that will check the certificate. If that is under your control and especially if you (or your colleagues) are developing it, then you can simply pick any attribute. Howe …
- 1,694
9
votes
Accepted
X.509 certificate renew vs. rekey
From RFC 3647: Internet X.509 Public Key Infrastructure -- Certificate Policy and Certification Practices Framework:
4.4.6. Certificate Renewal
This subcomponent is used to describe the following el …
- 1,694
2
votes
Accepted
Distrusting a cross signed certificate
With the self-signed CA1 removed from server2's trust anchor store, then to server2, CA1 is just another intermediate CA which in this case is signed by CA2.
Server 2 will build the chain to be:
serve …
- 1,694
2
votes
2
answers
4k
views
Is there any use in an AIA Extension in a Certificate directly issued by a Root CA?
While most documentation I've read states that there is no requirement to have the AIA extension in a self-signed Root certificate (logical enough), I can't find anything that tells me not to do so in …
- 1,694
0
votes
How can I prevent non-SAN TLS certificates from bypassing name constraints?
You don't apply name constraints to the root CA certificate. It asigns name constraints to certificates it issues.
There's no guarantee or expectation that name constraints or other extensions in root …
- 1,694
0
votes
what is the different between X.509 certificate and 2-way SSL? or both are same?
An X.509 certificate is a format for sharing a public key along with the name of the entity that holds that public/private key pair and optional extensions such as usage. It is usually signed by a ce …
- 1,694
2
votes
Can Passpoint X.509 certificates be used to MITM SSL connections on Passpoint networks?
The certificates in your linked images are commercial certificates, therefore your device trusts those already by virtue of the fact that the commercial root CA certificate is in its trust store.
The …
- 1,694
3
votes
How does the browser decide to accept a self-signed certificate?
Browsers will alert the user if they are presented with a self-signed certificate which they don't trust.
The browser user or system administrator should preempts this scenario and add the self-signe …
- 1,694
3
votes
Accepted
What is the best practice for relying parties to selectively trust certificates in a corpora...
Your option 2 is correct.
You need to use the Certificate Policies extension as you suggested.
X509 defines a Certificate Policy as:
A named set of rules that indicates the applicability of a certifi …
- 1,694