The Impending Doom of Expiring Root CAs and Legacy Clients
Recommended read: The Impending Doom of Expiring Root CAs and Legacy Clients https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Tag certificates
Keeping Track of Certificate Expiry with a JWKS to iCalendar Converter (4 mins read).
Creating an iCalendar feed for certificate expiry details, given a URI for a JSON Web Key Set.
by 
Jamie Tanna
.
#java
#jwks
#certificates
#jwks-ical
#calendar
#google-cloud
#serverless.
Extract a Public Cert from a Java Keystore/Truststore (1 mins read).
How to export the public certificate from a Java keystore.
by Jamie Tanna
.
#blogumentation
#java
#keystore
#certificates.
ocsp through proxy - Google Groups
Recommended read: ocsp through proxy - Google Groups https://groups.google.com/forum/#!topic/mailing.openssl.users/dajh2puIxz8
by Jamie Tanna
.
#openssl
#certificates.
Recommended read: OCSP Validation with OpenSSL https://akshayranganath.github.io/OCSP-Validation-With-Openssl/
by Jamie Tanna
.
#certificates
#openssl.
Extracting x5cs from a JSON Web Key Set (JWKS) to PEM files with Ruby (1 mins read).
How to extract the full chain of certificates from a JWKS' x5c parameter to files.
Extract a Private Key from a Java Keystore (1 mins read).
How to export an asymmetric PrivateKeyEntry entry from a Java keystore.
by Jamie Tanna
.
#blogumentation
#java
#keystore
#certificates.
Splitting an X509 PEM-Encoded Certificate Bundle into Multiple Files (1 mins read).
Splitting a certificate bundle into separate files using split or awk.
by Jamie Tanna
.
#blogumentation
#command-line
#certificates.
Converting an x5c from a JSON Web Key to a PEM with Ruby (1 mins read).
How to convert a JWK's x5c to a PEM-formatted certificate with Ruby.
by Jamie Tanna
.
#blogumentation
#ruby
#jwks
#jwk
#certificates
#pem
#x509
#openssl.
Performing Mutual TLS Authentication with Rest Assured (via Apache HTTP Client) (3 mins read).
How to configure Rest Assured to perform Mutual TLS authentication against an API.
by Jamie Tanna
.
#blogumentation
#certificates
#mutual-tls
#java
#rest-assured.
mtls.dev - Generating TLS certs doesn't have to be hard.
This is a great resource for generating certs for performing Mutual TLS authentication, as well some good sample code for how to set up example client/server apps in several programming languages.
Recommended read: mtls.dev - Generating TLS certs doesn't have to be hard. https://mtls.dev/
Everything you should know about certificates and PKI but are too afraid to ask
Recommended read: Everything you should know about certificates and PKI but are too afraid to ask https://smallstep.com/blog/everything-pki/
by Jamie Tanna
.
#certificates
#encryption
#cryptography
#pki.
Setting up a directory for OpenSSL's SSL_CERT_DIR (2 mins read).
How to configure a directory of trusted certificates for OpenSSL to trust.
Using the OpenSSL Command-Line to Verify an SSL/TLS Connection (2 mins read).
How to use the openssl command-line to verify whether certs are valid.
by Jamie Tanna
.
#blogumentation
#openssl
#certificates
#command-line
#nablopomo.
BadSSL - test with expired, misconfigured or weak SSL/TLS configuration
Recommended read: BadSSL - test with expired, misconfigured or weak SSL/TLS configuration https://badssl.com/
by Jamie Tanna
.
#certificates.
Trusting Self-Signed Certificates from Ruby (1 mins read).
How to configure Ruby to trust self-signed certificates.
by Jamie Tanna
.
#blogumentation
#ruby
#certificates
#nablopomo.
Viewing the Contents of a Certificate Signing Request (CSR) with OpenSSL (1 mins read).
How to look at the contents of a Certificate Signing Request (CSR) with the openssl command-line tool.
by Jamie Tanna
.
#blogumentation
#openssl
#certificates
#nablopomo.
Listing the Contents of a Java Truststore (3 mins read).
How to extract a list of trusted certificates from a Java Trust store.
Extract a Secret Key from a Java Keystore (2 mins read).
How to export a symmetric SecretKey entry from a Java keystore.
by Jamie Tanna
.
#blogumentation
#java
#keystore
#certificates.
Viewing X.509 DER Certificate Fingerprints with OpenSSL (1 mins read).
How to view an X.509 DER certificate's fingerprint using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#der
#openssl.
Viewing X.509 PEM Certificate Fingerprints with OpenSSL (1 mins read).
How to view an X.509 PEM certificate's fingerprint using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#pem
#openssl.
Viewing X.509 DER Certificate Details with OpenSSL (2 mins read).
How to convert an X.509 DER file to a human-readable format using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#der
#openssl.
Viewing X.509 PEM Certificate Details with OpenSSL (2 mins read).
How to convert an X.509 PEM file to a human-readable format using openssl commands.
by Jamie Tanna
.
#blogumentation
#certificates
#command-line
#pem
#openssl.
Trusting Self-Signed Certificates from the Chef Development Kit (2 mins read).
How to get the ChefDK (and associated tools) to trust internal / self-signed certificates, in an easy oneliner.
by Jamie Tanna
.
#blogumentation
#chef
#chefdk
#certificates
#berkshelf.
Extracting SSL/TLS Certificate Chains Using OpenSSL (1 mins read).
A quick one-liner to get you the full certificate chain in .pem format.
by Jamie Tanna
.
#blogumentation
#bash
#shell
#oneliner
#openssl
#certificates.