The Impending Doom of Expiring Root CAs and Legacy Clients
Recommended read: The Impending Doom of Expiring Root CAs and Legacy Clients https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
The Impending Doom of Expiring Root CAs and Legacy Clients
Recommended read: The Impending Doom of Expiring Root CAs and Legacy Clients https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Keeping Track of Certificate Expiry with a JWKS to iCalendar Converter (4 mins read).
Creating an iCalendar feed for certificate expiry details, given a URI for a JSON Web Key Set.
Extract a Public Cert from a Java Keystore/Truststore (1 mins read).
How to export the public certificate from a Java keystore.
ocsp through proxy - Google Groups
Recommended read: ocsp through proxy - Google Groups https://groups.google.com/forum/#!topic/mailing.openssl.users/dajh2puIxz8
Recommended read: OCSP Validation with OpenSSL https://akshayranganath.github.io/OCSP-Validation-With-Openssl/
Extracting x5c
s from a JSON Web Key Set (JWKS) to PEM files with Ruby (1 mins read).
How to extract the full chain of certificates from a JWKS' x5c
parameter to files.
Extract a Private Key from a Java Keystore (1 mins read).
How to export an asymmetric PrivateKeyEntry
entry from a Java keystore.
Splitting an X509 PEM-Encoded Certificate Bundle into Multiple Files (1 mins read).
Splitting a certificate bundle into separate files using split
or awk
.
Converting an x5c
from a JSON Web Key to a PEM with Ruby (1 mins read).
How to convert a JWK's x5c
to a PEM-formatted certificate with Ruby.
Performing Mutual TLS Authentication with Rest Assured (via Apache HTTP Client) (3 mins read).
How to configure Rest Assured to perform Mutual TLS authentication against an API.
mtls.dev - Generating TLS certs doesn't have to be hard.
This is a great resource for generating certs for performing Mutual TLS authentication, as well some good sample code for how to set up example client/server apps in several programming languages.
Recommended read: mtls.dev - Generating TLS certs doesn't have to be hard. https://mtls.dev/
Everything you should know about certificates and PKI but are too afraid to ask
Recommended read: Everything you should know about certificates and PKI but are too afraid to ask https://smallstep.com/blog/everything-pki/
Setting up a directory for OpenSSL's SSL_CERT_DIR
(2 mins read).
How to configure a directory of trusted certificates for OpenSSL to trust.
Using the OpenSSL Command-Line to Verify an SSL/TLS Connection (2 mins read).
How to use the openssl
command-line to verify whether certs are valid.
BadSSL - test with expired, misconfigured or weak SSL/TLS configuration
Recommended read: BadSSL - test with expired, misconfigured or weak SSL/TLS configuration https://badssl.com/
Trusting Self-Signed Certificates from Ruby (1 mins read).
How to configure Ruby to trust self-signed certificates.
Viewing the Contents of a Certificate Signing Request (CSR) with OpenSSL (1 mins read).
How to look at the contents of a Certificate Signing Request (CSR) with the openssl
command-line tool.
Listing the Contents of a Java Truststore (3 mins read).
How to extract a list of trusted certificates from a Java Trust store.
Extract a Secret Key from a Java Keystore (2 mins read).
How to export a symmetric SecretKey
entry from a Java keystore.
Viewing X.509 DER Certificate Fingerprints with OpenSSL (1 mins read).
How to view an X.509 DER certificate's fingerprint using openssl
commands.
Viewing X.509 PEM Certificate Fingerprints with OpenSSL (1 mins read).
How to view an X.509 PEM certificate's fingerprint using openssl
commands.
Viewing X.509 DER Certificate Details with OpenSSL (2 mins read).
How to convert an X.509 DER file to a human-readable format using openssl
commands.
Viewing X.509 PEM Certificate Details with OpenSSL (2 mins read).
How to convert an X.509 PEM file to a human-readable format using openssl
commands.
Trusting Self-Signed Certificates from the Chef Development Kit (2 mins read).
How to get the ChefDK (and associated tools) to trust internal / self-signed certificates, in an easy oneliner.
Extracting SSL/TLS Certificate Chains Using OpenSSL (1 mins read).
A quick one-liner to get you the full certificate chain in .pem
format.