home.social

#certificateauthority — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #certificateauthority, aggregated by home.social.

  1. Let's #Encrypt rolls out free IP address #certificates • The Register

    Let's Encrypt, a #CertificateAuthority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

    It's not the first CA to do so. #PositiveSSL , #Sectigo, and #GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.
    #security #tls #ssl #privacy

    theregister.com/2025/07/03/let

  2. Let's #Encrypt rolls out free IP address #certificates • The Register

    Let's Encrypt, a #CertificateAuthority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

    It's not the first CA to do so. #PositiveSSL , #Sectigo, and #GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.
    #security #tls #ssl #privacy

    theregister.com/2025/07/03/let

  3. Let's #Encrypt rolls out free IP address #certificates • The Register

    Let's Encrypt, a #CertificateAuthority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

    It's not the first CA to do so. #PositiveSSL , #Sectigo, and #GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.
    #security #tls #ssl #privacy

    theregister.com/2025/07/03/let

  4. Let's rolls out free IP address • The Register

    Let's Encrypt, a (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

    It's not the first CA to do so. , , and all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.

    theregister.com/2025/07/03/let

  5. Let's #Encrypt rolls out free IP address #certificates • The Register

    Let's Encrypt, a #CertificateAuthority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

    It's not the first CA to do so. #PositiveSSL , #Sectigo, and #GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.
    #security #tls #ssl #privacy

    theregister.com/2025/07/03/let

  6. Hm, do Firefox and Vivaldi really not accept my system-wide custom CA(s)? On Windows, at least Firefox works fine if you set “security.enterprise_roots.enabled” to true, but on Linux it doesn't seem to make any difference. While in Firefox I can at least import a custom CA, I can't find anything similar in Vivaldi. 🤔

    #firefox #vivaldi #ca #linux #certificateAuthority

  7. Got the notification by #LetsEncrypt that they will sunset the #email #certificate expiration warning. Albeit, I am a fan of it, since I have not automated all of my certificates, I can understand their argument of complexity of a system.

    Albeit, I don't get, how this service costs an organization tens of thousands of dollars a year, but I do understand that operating #mail servers yourself is something the modern #Internet discourages increasingly.

    More on it, in their latest blog post.

    #TLS #CertificateAuthority

  8. And, after some hard work, and a few struggles with #Docker, #DNS and #Firewall rules, I finally have been able to install #StepCA from #SmallStep on my #HomeLab, so now I have a nice private #CertificateAuthority with which I can use #Certbot to manage my service certificates in a #LetsEncrypt style. Took a lot of notes. Blog post will come eventually! (too tired right now)
    smallstep.com/docs/step-ca/

  9. Well, there goes that idea... I had no idea that Kubes had so many certificates/CA roles. Let's Encrypt won't sign sub CA (which makes sense), so I'll have to rely on my CA stack in Vault.

    Now I have a new problem... do I split my dns/certs into lab.fqdn.dev and fqdn.local (where the .dev DNS uses Lets Encrypt and the .local uses Vault?)

    If so, I'll need to add a new layer to my DNS automation and create a new fqdn.local domain in PowerDNS...

    What a fun way to spend Christmas Eve Eve.

    #kubernetes #hashicorpvault #certificateauthority #letsencrypt #homelab

  10. Today, I stumbled upon my first find of a #domain squatting. Without going into details, who it was, I would still like to share the giveaways, how I spotted it:

    Firstly, the original domain was a .com, whereas the imposter had the same name, but on a #ngTLD which provides a fairly cheap first-year pricing model.

    Secondly, resolving the original domain name returned two A records, which is not uncommon for redundancy reasons. Both IPs were hosted in the same large #cloud provider. In contrast, the squatter had only a single A record, in a different ASN.

    Let's stay in #DNS: The NS records of the squatter also pointed to different nameservers than the victim.

    Additionally, the original website forwarded any http request to the #https endpoints and also had a nice little chat popping up, when visiting the website. The squatter website looked exactly the same, however had no forwarding to HTTPS, neither the dynamic elements of the website such as the chat.

    Another give-away was the #certificateauthority. The original website used a commercial CA, whereas the imposter used the non-profit certificate authority #LetsEncrypt. Nothing wrong with LetsEncrypt, but it is a logical choice for adversaries since it signs domain names free of charge.

    And last but not least, the #whois lookups for both domains point to different registries and different abuse contacts.

    What I try to share in this post: There are many indicators for domain squatting or #phishing sites. One has to pay attention to details, and there are multiple indicators for a malicious website. Just from the looks, the imposter was indistinguishable from the original. Yet, the details gave it away. The right people were informed, and it will be taken care of. Have a good rest of the weekend, everyone!

  11. I'm out of practice on all things web tech, it's been just over two years since I got fired, but I did get compatible versions of #PHP, #MySQL, and #WordPress installed and running on my laptop (2016 #MacBookPro running #Monterey/ #MacOS 13) today, most of it from the command line.

    It was a struggle at some points, particularly troubleshooting the MySQL WordPress connection and learning how to generate my own local #CertificateAuthority and signing PHP.

    Next: configure #SSL, another new task

  12. PGPainless meets the Web-of-Trust

    We are very proud to announce the release of PGPainless-WOT, an implementation of the OpenPGP Web of Trust specification using PGPainless.

    Big thanks to Heiko for his valuable contributions and the great boost in motivation working together gave me 🙂
    Also big thanks to NLnet for sponsoring this project in such a flexible way.
    Lastly, thanks to Wiktor for his talent to connect people 😀

    https://blog.jabberhead.tk/2023/07/25/pgpainless-meets-the-web-of-trust/

    #certificateauthority #gpg #openpgp #pgp #pgpainless #pgpki #sequoia #weboftrust #wot

  13. @arichtman as far as understand:

    1) Go to a commercial #certificateAuthority and get an #email signing #certificate.
    2) Download the certificate to an „Offline storage (e.g. usb in safe)“
    3) Add this cert to a #Fido2 #key (if paranoia level is medium to high) otherwise to your local installed email clients. (Attention not every key has the capability… see docs.google.com/spreadsheets/d)
    4) Send a signed mail to your contacts (they have to save the pub keys)
    5) Send the encrypted mails to your contacts

    Problem I see: many clients e.g. outlook are crappy in handling pgp. Is there good ones as well?

    I am also interested in a good guide!

  14. Of course, now that I’ve laboriously set up my , I am finding that and the apps for and don’t integrate easily via custom servers or otherwise. 🤦‍♂️

  15. Happy that I’ve successfully set up my own local and with . I imported a root chain that I generated on my own separately.

    From this, I learned that StepCA did not like the human-readable headings — above the “BEGIN CERTIFICATE” statements — in .crt/.pem files that generated. I don’t know they are called or any CLI option that added them to the files. However, when I removed the headers, the StepCA server started without error.

  16. There are only two without remaining, which I'll switch too. , my and is serving their pages using ssl already.

  17. Heio new #federation campers!

    Been over six-months since I've posted an #introduction so here goes. :-) (This is basically a copy pasta from my profile LOL)

    I have zero tolerance for bullshit.

    On September 2nd I retired from my job as an #InfoSec Analyst. My areas of focus were #PKI (I managed the Company's #CertificateAuthority), #CertificateLifecycleManagement ( #CLM ), #VulnMgmt, and hardening #UNIX/ #Linux Systems.

    Today I'm working a contract-gig for the next three months helping out a large multi-national manage their #PKI.

    My passions are #privacy, #cyberdecks, #security, #uspolitics, #traveling, #graphicarts, #mesh/ #p2p networking, and social media.

    When it comes to privacy and security, I am a pragmatist and a realist.

    The World is not black & white.

    I recognize this, and I appreciate this.

    Unfortunately, this puts me at direct odds with those whose only world view is their own and they can't comprehend any other.

    I am a #demsocialist.

    I am also an #atheist.

    Reading the Bible turned me into an atheist.

    Frankly, I find it impossible for anyone to have read the Bible and not be an atheist.

    If somebody tells me they have read the Bible and are not an atheist I'm fairly sure they're lying.

    Either about having read the Bible, or about being an atheist.

    Live each day like it might be your last.

    Make your life count.

    Live a life that people will want to remember you for.

    Tomorrow is never guaranteed.

    Let's see what else about me...

    I'm #INTJ. I'm also #LGBTQ. Something I don't normally share publicly because my sexuality doesn't define me and frankly it's nobody's business, but I am gay.

    I'm *not* an anarchist.

    -----

    And what's NOT in my profile which I probably should add is that it annoys me to no end when people equate #Mastodon with the #fediverse and act like there's not an entire universe of other projects that are often many times better.

    Bofh.social is my instance and it runs Pleroma with the Soapbox UI. The instance is primarily for me, but anyone is welcome to join so long as you're not a nazi, bigot, RWNJ, or a fascist.
  18. Heio new #federation campers!

    Been over six-months since I've posted an #introduction so here goes. :-) (This is basically a copy pasta from my profile LOL)

    I have zero tolerance for bullshit.

    On September 2nd I retired from my job as an #InfoSec Analyst. My areas of focus were #PKI (I managed the Company's #CertificateAuthority), #CertificateLifecycleManagement ( #CLM ), #VulnMgmt, and hardening #UNIX/ #Linux Systems.

    Today I'm working a contract-gig for the next three months helping out a large multi-national manage their #PKI.

    My passions are #privacy, #cyberdecks, #security, #uspolitics, #traveling, #graphicarts, #mesh/ #p2p networking, and social media.

    When it comes to privacy and security, I am a pragmatist and a realist.

    The World is not black & white.

    I recognize this, and I appreciate this.

    Unfortunately, this puts me at direct odds with those whose only world view is their own and they can't comprehend any other.

    I am a #demsocialist.

    I am also an #atheist.

    Reading the Bible turned me into an atheist.

    Frankly, I find it impossible for anyone to have read the Bible and not be an atheist.

    If somebody tells me they have read the Bible and are not an atheist I'm fairly sure they're lying.

    Either about having read the Bible, or about being an atheist.

    Live each day like it might be your last.

    Make your life count.

    Live a life that people will want to remember you for.

    Tomorrow is never guaranteed.

    Let's see what else about me...

    I'm #INTJ. I'm also #LGBTQ. Something I don't normally share publicly because my sexuality doesn't define me and frankly it's nobody's business, but I am gay.

    I'm *not* an anarchist.

    -----

    And what's NOT in my profile which I probably should add is that it annoys me to no end when people equate #Mastodon with the #fediverse and act like there's not an entire universe of other projects that are often many times better.

    Bofh.social is my instance and it runs Pleroma with the Soapbox UI. The instance is primarily for me, but anyone is welcome to join so long as you're not a nazi, bigot, RWNJ, or a fascist.
  19. Heio new #federation campers!

    Been over six-months since I've posted an #introduction so here goes. :-) (This is basically a copy pasta from my profile LOL)

    I have zero tolerance for bullshit.

    On September 2nd I retired from my job as an #InfoSec Analyst. My areas of focus were #PKI (I managed the Company's #CertificateAuthority), #CertificateLifecycleManagement ( #CLM ), #VulnMgmt, and hardening #UNIX/ #Linux Systems.

    Today I'm working a contract-gig for the next three months helping out a large multi-national manage their #PKI.

    My passions are #privacy, #cyberdecks, #security, #uspolitics, #traveling, #graphicarts, #mesh/ #p2p networking, and social media.

    When it comes to privacy and security, I am a pragmatist and a realist.

    The World is not black & white.

    I recognize this, and I appreciate this.

    Unfortunately, this puts me at direct odds with those whose only world view is their own and they can't comprehend any other.

    I am a #demsocialist.

    I am also an #atheist.

    Reading the Bible turned me into an atheist.

    Frankly, I find it impossible for anyone to have read the Bible and not be an atheist.

    If somebody tells me they have read the Bible and are not an atheist I'm fairly sure they're lying.

    Either about having read the Bible, or about being an atheist.

    Live each day like it might be your last.

    Make your life count.

    Live a life that people will want to remember you for.

    Tomorrow is never guaranteed.

    Let's see what else about me...

    I'm #INTJ. I'm also #LGBTQ. Something I don't normally share publicly because my sexuality doesn't define me and frankly it's nobody's business, but I am gay.

    I'm *not* an anarchist.

    -----

    And what's NOT in my profile which I probably should add is that it annoys me to no end when people equate #Mastodon with the #fediverse and act like there's not an entire universe of other projects that are often many times better.

    Bofh.social is my instance and it runs Pleroma with the Soapbox UI. The instance is primarily for me, but anyone is welcome to join so long as you're not a nazi, bigot, RWNJ, or a fascist.
  20. Heio new #federation campers!

    Been over six-months since I've posted an #introduction so here goes. :-) (This is basically a copy pasta from my profile LOL)

    I have zero tolerance for bullshit.

    On September 2nd I retired from my job as an #InfoSec Analyst. My areas of focus were #PKI (I managed the Company's #CertificateAuthority), #CertificateLifecycleManagement ( #CLM ), #VulnMgmt, and hardening #UNIX/ #Linux Systems.

    Today I'm working a contract-gig for the next three months helping out a large multi-national manage their #PKI.

    My passions are #privacy, #cyberdecks, #security, #uspolitics, #traveling, #graphicarts, #mesh/ #p2p networking, and social media.

    When it comes to privacy and security, I am a pragmatist and a realist.

    The World is not black & white.

    I recognize this, and I appreciate this.

    Unfortunately, this puts me at direct odds with those whose only world view is their own and they can't comprehend any other.

    I am a #demsocialist.

    I am also an #atheist.

    Reading the Bible turned me into an atheist.

    Frankly, I find it impossible for anyone to have read the Bible and not be an atheist.

    If somebody tells me they have read the Bible and are not an atheist I'm fairly sure they're lying.

    Either about having read the Bible, or about being an atheist.

    Live each day like it might be your last.

    Make your life count.

    Live a life that people will want to remember you for.

    Tomorrow is never guaranteed.

    Let's see what else about me...

    I'm #INTJ. I'm also #LGBTQ. Something I don't normally share publicly because my sexuality doesn't define me and frankly it's nobody's business, but I am gay.

    I'm *not* an anarchist.

    -----

    And what's NOT in my profile which I probably should add is that it annoys me to no end when people equate #Mastodon with the #fediverse and act like there's not an entire universe of other projects that are often many times better.

    Bofh.social is my instance and it runs Pleroma with the Soapbox UI. The instance is primarily for me, but anyone is welcome to join so long as you're not a nazi, bigot, RWNJ, or a fascist.