Free Post TLS Cryptographic Agility Part 1: Server Certificates We've encountered a lot of problems of our own making in the TLS/PKI ecosystem in recent years, and whilst we've got better at dealing with them and even avoiding...
Free Post Let's Encrypt Working around expired Root Certificates Should clients care about when a Root Certificate expires? That's a bit of an odd question, and the first time I asked myself this question, the answer was a resounding...
Free Post Let's Encrypt Let's Encrypt Root Expiration - Post-Mortem Well, the Internet Apocalypse came and went! Due to the recent expiration of the Let's Encrypt intermediate and root certificates, I saw more widespread issues than I was expecting, but...
Free Post Let's Encrypt Introducing another free CA as an alternative to Let's Encrypt Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a...
Free Post Let's Encrypt Let's Encrypt issues new Root and Intermediate Certificates Let's Encrypt have just issued a bunch of new certificates including a new Root and several Intermediates. These will bring some significant advantages so let's dive in and take a...
Free Post Let's Encrypt Let's Encrypt postpone the ISRG Root transition I was looking forward to something happening this month in the world of PKI that has had to be postponed for the 3rd time. Let's Encrypt were going to be...
Free Post Cross-Signing Cross-Signing and Alternate Trust Paths; How They Work In my last couple of posts about CAs and Root Certificates I've talked about something called Alternate Trust Paths. As a result, many people have asked me questions about how...
Free Post Certificate Authorities The Complexities of Chain Building and CA Infrastructure In my previous blog post [https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/] I looked at the problem of expiring Root CA Certificates and why it exists and you should definitely read that...
Free Post Certificate Authorities The Impending Doom of Expiring Root CAs and Legacy Clients Regular readers will know that I'm very active in the CA / PKI space and even deliver a 2-day advanced training course [https://www.feistyduck.com/training/the-best-ssl-and-tls-training-in-the-world] on the topic....
Free Post Ubiquiti Setting up HTTPS on the UDM Pro I recently upgraded my home network to the latest generation of Ubiquiti hardware and with new hardware comes the requirement to set a couple of things up again, things like...
Follow