Skip to content

Certificate Validation

The PKI Guy talks identity management with Jay Schiavo of Entrust Datacard

Q&A with Jay Schiavo, vice president of Entrust Certificate Services Markets, Entrust Datacard TPG: How will nCipher Security strengthen Entrust Datacard’s offering to secure data and verify identities, and reduce risks? JS: The acquisition of the nCipher general purpose HSM business allows Entrust Datacard to provide our customers with solutions that exceed expectations for high-assurance use cases…

Read More

Certificate Requirements for Apple iOS 13 & macOS 10.15

When the next iOS and macOS major update arrives this fall to iPhones, iPads and Macs there will be changes that impact environments with TLS certificates not current with standards. Certificates with key lengths shorter than 2048, those signed with a SHA1 algorithm, and certificates without the DNS name in the subject alternative name (SAN)…

Read More

Ignore Revocation Checking – The bane of my existence!

As students in my PKI training classes know, one of the areas I am a vocal about is the blind use of the CRLF_REVCHECK_IGNORE_OFFLINE setting in a PKI environment. I am so adamantly against the use of this setting, I personally refuse to ever explicitly share or type the syntax to enable this nasty beast.…

Read More

RSASSA-PSS – Why Your Certificate Can’t Be Validated

A common theme has been arriving in my email box lately as well as many online forums. Consistently people are reporting error with certificates issued by their internal Microsoft ADCS based CAs. Problems range from Apple devices, Firefox, appliances and many other systems. When people examine their certificates they see that their certificates are SHA…

Read More
Scroll To Top