A list of puns related to "X.509 Certificate"
Hello everyone,
I installed Linux Mint some hours ago. Everything went fine until it updated. After I rebooted it says "integrity: Problem loading X.509 certificate -65" and after that it just black screens.
I didn't install anything, just updated the system. I use an Lenovo Ideapad 3 15ADA05.
Thank you in advance.
This shows before boot animation(playmounth) starting. I happened to know it's due to Secure Boot enabled. Can somehow fix this with Secure Boot enabled?
While doing some research I discovered that PGP supports generating x.509 certificates that need to be signed by a CA. Has anyone used PGP in this manner? I'm curious to know if signing a person's certificate will automatically sign the user's certificate with the CA key. Does fulfilling the CSR add the CA key as a designated revoker of the key?
A provider is requiring me to have a certificate to connecto to their API. They specifically state we need a "X.509 personal authentication certificate issued by Sectigo". I cannot use self signed certificates.
Sectigo does not sell certificates that, to my unexperienced self, matches that description.
Or is this something I can create if I use their "Certificate Manager"?
Thanks in advance.
I am having trouble understanding the differences between the formats and when to use them. Does anyone has recommended reading for this topic? I did google a bit, but I was unable to find anything that was helpful.
We have over 1000 remote locations that each have a HP ML-class server with iLO. Rapid7 is reporting most of them having vulnerability "X.509 Certificate Subject CN Does Not Match the Entity Name":
https://www.rapid7.com/db/vulnerabilities/certificate-common-name-mismatch/
This is due to the self-issued certificate in iLO not having the correct subject name. In a lot of cases the certificate is the iLO S/N (so certificate issued at manufacture) and in some cases the server had a correct certificate but was later renamed and now the certificate doesn't match. I was able to log in to iLO, find the certificate, click the Remove button, then restart iLO and it reissued a certificate with the correct CN. However, I need to do this another 500 or so times. I have not been able to find any combination of the HP iLO PowerShell cmdlets to accomplish this task programmatically.
Is there any way to programmatically remove the indicated certificate and restart iLO? Ideally, there would also be a scripted way to detect this condition then we could create a SCCM Configuration Baseline that would run on the server and, when it detects a bad certificate, fixes itself.
Ran into this question a few times:
Windows has an installed certificate and private key, but the private key is marked as non-exportable, even as administrator I cannot get it to export.
Is there any way to still export it?
Yes there is. Provided the private key is not on a TPM or smartcard, this tool will allow you to export any certificate and private key, even when its marked as non-exportable:
https://github.com/iSECPartners/jailbreak
Hi All,
I want to use a Smart Card for Login purposes (Windows). There for it needs to store a X.509 Certificate.
I know this Card here should work :
I ask myself if there are cheaper compatible Smart Cards around that would work for the purpose of being easy writeable and can keep a self-signed X.509?
Linux mint is working flawlessly but this pops for an instant while booting, should I be worried ? (mint 20, didn't happen with mint 19).
I have performed a clean install of Tumbleweed and every time I boot I see this error: "integrity : problem loading x.509 certificate -65" I looked for the reasons why it happens and I found that the problem is caused by a UEFI certificate. If I run "mokutil --db" the last key is unknown. So is there a way that I can remove the certificate?
Hoping this is the right sub!!! (Please please please.) Iβm looking for a Digital Certificate that meets the requirements for TX Online Notary... but the state cannot refer me to a provider.
Requirements: Issued by a third party provider Must use PKI Must be X.509 compliant When affixed to a document, must render any subsequent changes as evident
Many thanks, /Crypto!
++++++++ updated ++++++++
I did get a returned call from IdenTrust and they claim that their βIGC Basic Assuranceβ digital certificate meets the minimum requirements. What the heck. If it doesnβt work, then Iβll let AMEX go to bat for me.
Thanks, /Crypto!
Hey there... So I have been playing around with X.509 certificates and I started my own certificate authority in my homelab. I got my devices to trust my CA root certificate. Now I'd like to be able to do WPA2 Enterprise on my WiFi network, with EAP-TLS (which I think is supported by a lot of devices at this point).
I'm sure this project will involve setting up a FreeRADIUS server.
My hunch is that the big challenge here will be getting client certificates to devices. For example, I'd love to be able to issue short-lived client certificates to guests when they come over, maybe via a captive portal?
Whatever I do, it's probably not going to be as easy as having them open the camera on their phone and point at a QR code with my WiFI info on it. But I'd love to make it as easy as possible. Has anyone set something like this up? Is EAP-TLS the best option? (I know there's EAP-PEAP and EAP-TTLS also.) Any tips or resources?
When I try to boot I get sent to emergency mode with the following error at the top. I have tried UEFI boot mode with secure boot disabled, but no difference. When I switch to legacy mode I get "pxe-media test failiure", and don't even get into emergency mode. I switched back to UEFI. There was this one time when I randomly repeatedly just did "systemctl default" to exit emergency mode and it worked (logged in and everything), but can't reproduce it.
At this point I was afraid that my drive had failed so I did a badblocks test (sudo badblocks -sv <drive>). I have a primary SSD with my OS Ubuntu, and a secondary HDD. My SSD showed no errors. My HDD is quite big and I didn't have the patience to let badblocks do its thing, but there seems to be at least 17 badblocks (at 5% in). However, since my OS is on my SSD I cannot see how this would stop me from booting.
Edit1: Ok I was booting my laptop on my USB and got a notification saying that my secondary HDD was "about to fail soon". So I guess it solves that? But as I stated earlier, my OS is on my primary SSD so Idk why it would affect my booting. However, I migrated my home folder (and consequently a few other stuff over the years) to my secondary drive to save space, so perhaps something essential got shifted to my HDD? IDK still seems weird to me.
Edit: Another thing is, I have a way to safely backup my files, so erasing and reinstalling ubuntu is an option for me. Given that, would that be something that could solve this problem if all else fails?
Hey everyone
I'm very new to all of this, but I'm interested in understanding what x.509 is and how to understand the data from such a certificate.
I'd like to know how to see what port the certificate was served, how I can see the trust anchor and how I would go about making a certificate signing request.
I hope someone can help me with this!
Hey, I hope this is the right subreddit for my question.
We need to implement login using client certificate for one of our projects and I am not sure what data from cert. should be saved to identify a user. We will be using not-self-signed certificates.
My guess would be to store cert's serial number as UID and connect it to a user. Is that correct?
What happens when cert. becomes expired or is close to expiration date?
Thanks!
Hello, fellow Chrome OS users. I recently got a Pixelbook for work, and I've figured out how to do everything I did with my Windows laptop with one exception - I can't figure out how to sign a PDF. Every couple of weeks, I need to sign a PDF. On Windows, I have Acrobat. I can import my PKCS #12 file (.p12) that has my private key and my certificate. I can then click on the signature line in a PDF and sign it.
There is lots of information online about how to 'sign' a PDF, i.e. how to use your finger to draw your signature on a PDF. That's nice, and that's what the Acrobat app for Android does (and it does it on Chrome OS, too). There's also lots of information online about how to use PGP to sign a file (including a PDF) by creating a separate signature file. Also nice, also can be done in the Linux VM on Chrome OS, also not what I want.
It's been years since I needed to use WINE, but I figure out how to get it to install and run the Windows version of Acrobat DC. Everything works, right up until I try and give it the information about the PKCS#12 file. At that point, none of the text boxes appear. The window to add the certificate is there, but it's empty.
Am I correct in assuming that there still isn't a good solution that replaces Acrobat in this use case in late 2018? Has anyone else figured this out?
I have read here https://brage.bibsys.no/xmlui//handle/11250/143950 that, while Tor relays use standard TLS, they do it with self-signed X.509 certificates (rather than certificates provided by an external trusted Certificate Authority). The above source also says that the relays rotate the certs enormously fast (every 2 hours compared to 3 years by CAs).
I think I understand why certs from external CAs are not used (can be used in de-anonymization and other attacks) but I am confused about these self signed certs. The function of the certs is enable the relays to authenticate (prove that they are who they say they are when they respond to connection requests). Self-signed certs do not do that. So when a Tor client contacts a relay, or a relay contacts another relay in the circuit-building process, how do they prove to each other that they are who they say they are?
When I try to boot I get sent to emergency mode with the following error at the top. I have tried UEFI boot mode with secure boot disabled, but no difference. When I switch to legacy mode I get "pxe-media test failiure", and don't even get into emergency mode. I switched back to UEFI. There was this one time when I randomly repeatedly just did "systemctl default" to exit emergency mode and it worked (logged in and everything), but can't reproduce it.
At this point I was afraid that my drive had failed so I did a badblocks test (sudo badblocks -sv <drive>). I have a primary SSD with my OS Ubuntu, and a secondary HDD. My SSD showed no errors. My HDD is quite big and I didn't have the patience to let badblocks do its thing, but there seems to be at least 17 badblocks (at 5% in). However, since my OS is on my SSD I cannot see how this would stop me from booting.
Edit1: Ok I was booting my laptop on my USB and got a notification saying that my secondary HDD was "about to fail soon". So I guess it solves that? But as I stated earlier, my OS is on my primary SSD so Idk why it would affect my booting. However, I migrated my home folder (and consequently a few other stuff over the years) to my secondary drive to save space, so perhaps something essential got shifted to my HDD? IDK still seems weird to me.
Edit: Another thing is, I have a way to safely backup my files, so erasing and reinstalling ubuntu is an option for me. Given that, would that be something that could solve this problem if all else fails?
Please note that this site uses cookies to personalise content and adverts, to provide social media features, and to analyse web traffic. Click here for more information.