Visit Our UNIX and Linux User Community

Full Discussion: Another Certificate question
Special Forums Cybersecurity Another Certificate question Post 302912035 by Perderabo on Tuesday 5th of August 2014 11:04:45 AM
Old 08-05-2014
In the first case, Verisign has given a certificate to SomeSmallerCA. If you trust Verisign, you can be sure that you are talking to SomeSmallerCA. This does not mean that Verisign assures you that SomeSmallerCA knows what they are doing. So in the first example you have to trust that SomeSmallerCA has verified that example.com is who they say they are. The Verisign certificate only guarantees that you are talking to SomeSmallerCA.

In the second example Verisign is saying that they did an extended validation. There are two levels of validation and "extended" is the better of the two. I'm not sure of the details.
 

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Unix Certificate

TO WHOM IT MAY CONCERN: I am Ayanda Fuzile, I would like to request my UNIX Certificate, I completed my course in 2000. My email adress is removed, my postal adress is also removed. Kind Regards, Ayanda Fuzile (1 Reply)
Discussion started by: afuzile
1 Replies

2. UNIX for Advanced & Expert Users

decryption using digital certificate

A client application is encrypting a text using private key and sends through socket. My application(server written in c/c++,unix) receives the chiper-text through socket. I have client's digital certificate. now, how do I decrypt(may be using openssl library) this ciper-text using client's... (1 Reply)
Discussion started by: johnbach
1 Replies

3. Web Development

SSL certificate

Dear All Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
Discussion started by: netxus
1 Replies

4. Cybersecurity

SSL certificate

Hi guys. I have some questions about ssl certificates. I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain. my server host name is: srv1.example.com I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Discussion started by: majid.merkava
1 Replies

5. UNIX for Dummies Questions & Answers

Is it possible to extract a certificate chain?

Hi all! I wanted to look at the key length of a certificate chain we have. When I do the conventional export command using keytool I will only get the end user cert. keytool -export -alias aliasname -file filename.cer -keystore keystorename The above code will only give me the end user... (2 Replies)
Discussion started by: Keepcase
2 Replies

6. Cybersecurity

question about certificate for domain

Hi, I would like to know if certificate for mydomain.com would work as well for www.mydomain.com and for all subdomain of example.com? I ask this because I want to buy a certificate and I was not what domain should I ask the certificate for? (0 Replies)
Discussion started by: programAngel
0 Replies

7. Cybersecurity

SSL Certificate Stores

Hey everyone, I'm trying to get a lay of the land for OS and Application Certificate Stores. Can someone confirm that I have this concept right? If the application you're using say Firefox has it's own trusted CA store, it uses that exclusively. So if you're running firefox in Windows, Firefox... (4 Replies)
Discussion started by: Lost in Cyberia
4 Replies

8. HP-UX

Sendmail TLS and Certificate?

We are running HP-UX 11v1 and are about to upgrade sendmail to 8.13.3 to allow support for TLS. Enabling TLS seems pretty straightforward, but I'm wondering if an SSL certificate is required for this. Our MS Exchange server does use a certificate. Do I need to arrange for a public certificate to... (3 Replies)
Discussion started by: jduehmig
3 Replies

9. UNIX for Advanced & Expert Users

Does vsftpd support user access with client certificate with priv/pub key + vsftpd certificate?

:rolleyes:I am trying to setup all certificate based client-server environment in Linux using vsftpd and curl with openssl. I would like to make a user access with vsftpd certificate and user own client certificate (self-signed) with private/public key. I don't see google posts about the my plan... (4 Replies)
Discussion started by: gogogo
4 Replies

10. Shell Programming and Scripting

Grep from a certificate

I can view the openSSL certifcate with this command openssl x509 -text -in myCertificate.pem I just wanted to see when the cert will expire only. The line which I want to read is, Not After : Jul 28 14:09:57 2015 GMT I tried using the grep command but it doesn't display anything. grep... (1 Reply)
Discussion started by: Loc
1 Replies
CURLOPT_SSL_VERIFYPEER(3)				     curl_easy_setopt options					 CURLOPT_SSL_VERIFYPEER(3)

NAME
CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate SYNOPSIS
#include <curl/curl.h> CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYPEER, long verify); DESCRIPTION
Pass a long as parameter to enable or disable. This option determines whether curl verifies the authenticity of the peer's certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't. When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. Curl verifies whether the certificate is authentic, i.e. that you can trust that the server is who the certificate says it is. This trust is based on a chain of digital signa- tures, rooted in certification authority (CA) certificates you supply. curl uses a default bundle of CA certificates (the path for that is determined at build time) and you can specify alternate certificates with the CURLOPT_CAINFO(3) option or the CURLOPT_CAPATH(3) option. When CURLOPT_SSL_VERIFYPEER(3) is enabled, and the verification fails to prove that the certificate is authentic, the connection fails. When the option is zero, the peer certificate verification succeeds regardless. Authenticating the certificate is not enough to be sure about the server. You typically also want to ensure that the server is the server you mean to be talking to. Use CURLOPT_SSL_VERIFYHOST(3) for that. The check that the host name in the certificate is valid for the host name you're connecting to is done independently of the CURLOPT_SSL_VERIFYPEER(3) option. WARNING: disabling verification of the certificate allows bad guys to man-in-the-middle the communication without you knowing it. Disabling verification makes the communication insecure. Just having encryption on a transfer is not enough as you cannot be sure that you are commu- nicating with the correct end-point. DEFAULT
By default, curl assumes a value of 1. PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. EXAMPLE
CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); /* Set the default value: strict certificate check please */ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); curl_easy_perform(curl); } AVAILABILITY
If built TLS enabled. RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. SEE ALSO
CURLOPT_SSL_VERIFYHOST(3), CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3), libcurl 7.54.0 February 09, 2017 CURLOPT_SSL_VERIFYPEER(3)

Featured Tech Videos

All times are GMT -4. The time now is 11:46 PM.
Unix & Linux Forums Content Copyright 1993-2021. All Rights Reserved.
Privacy Policy