Name Constraints Extension

Naheed Jivani PKI Solutions Consultant

The Name Constraints extension indicates to the relying party which namespaces are acceptable for the various hierarchical name forms such as DN, DNS names, URL, IP address, RFC 822 names, UPN, etc. The extension is only valid for a CA certificate. It has two components, as defined in https://tools.ietf.org/html/rfc5280#section-4.2.1.10: Permitted Subtree(s): This…

OCSP Magic Number

Naheed Jivani PKI Solutions Consultant

The magic number is a value that states when CRLs will be processed instead of OCSP. Specifically, it is the total number of cached OCSP responses from a single OCSP responder URL on behalf of a single certificate authority at which OCSP stops being performed and CRLs are processed instead. This will occur if the number of cached…

SSL Certificate Verifier Tool v1.5.4 update

Vadims Podans PKI Developer

Hello everyone! This week, we held a “Validating SSL Certificates the Easy Way” webinar where we talked about common SSL/TLS and displayed our free and open source SSL Certificate Verifier tool in action with new features. The previous version of the tool was GUI-only and lacked exportable reports and any automation/scripting capabilities. I’ve addressed these limitations…

Announcing the Online PKI Assessment Portal

I am extremely proud to announce that today we have launched our Online PKI Assessment Portal. This new service is the first of its kind to offer online, automated, self-paced review and assessments of Microsoft ADCS-based PKIs. We have been performing onsite PKI Assessments for customers for years now. Typically focused on the design,…

Changes to SSL/TLS Certificate Validity Periods – September 2020

It was recently announced that Google Chrome will be joining Apple Safari in implementing a change to publicly trusted SSL/TLS certificates. This change, however, will impact organizations operating their own internal PKI as well. While the change was initially submitted to the official CA/Browser Forum, the vote failed last year. However, both Apple and Google…