Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Another Certificate question
Special Forums Cybersecurity Another Certificate question Post 302912035 by Perderabo on Tuesday 5th of August 2014 11:04:45 AM
Old 08-05-2014
In the first case, Verisign has given a certificate to SomeSmallerCA. If you trust Verisign, you can be sure that you are talking to SomeSmallerCA. This does not mean that Verisign assures you that SomeSmallerCA knows what they are doing. So in the first example you have to trust that SomeSmallerCA has verified that example.com is who they say they are. The Verisign certificate only guarantees that you are talking to SomeSmallerCA.

In the second example Verisign is saying that they did an extended validation. There are two levels of validation and "extended" is the better of the two. I'm not sure of the details.
 

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Unix Certificate

TO WHOM IT MAY CONCERN: I am Ayanda Fuzile, I would like to request my UNIX Certificate, I completed my course in 2000. My email adress is removed, my postal adress is also removed. Kind Regards, Ayanda Fuzile (1 Reply)
Discussion started by: afuzile
1 Replies

2. UNIX for Advanced & Expert Users

decryption using digital certificate

A client application is encrypting a text using private key and sends through socket. My application(server written in c/c++,unix) receives the chiper-text through socket. I have client's digital certificate. now, how do I decrypt(may be using openssl library) this ciper-text using client's... (1 Reply)
Discussion started by: johnbach
1 Replies

3. Web Development

SSL certificate

Dear All Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
Discussion started by: netxus
1 Replies

4. Cybersecurity

SSL certificate

Hi guys. I have some questions about ssl certificates. I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain. my server host name is: srv1.example.com I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Discussion started by: majid.merkava
1 Replies

5. UNIX for Dummies Questions & Answers

Is it possible to extract a certificate chain?

Hi all! I wanted to look at the key length of a certificate chain we have. When I do the conventional export command using keytool I will only get the end user cert. keytool -export -alias aliasname -file filename.cer -keystore keystorename The above code will only give me the end user... (2 Replies)
Discussion started by: Keepcase
2 Replies

6. Cybersecurity

question about certificate for domain

Hi, I would like to know if certificate for mydomain.com would work as well for www.mydomain.com and for all subdomain of example.com? I ask this because I want to buy a certificate and I was not what domain should I ask the certificate for? (0 Replies)
Discussion started by: programAngel
0 Replies

7. Cybersecurity

SSL Certificate Stores

Hey everyone, I'm trying to get a lay of the land for OS and Application Certificate Stores. Can someone confirm that I have this concept right? If the application you're using say Firefox has it's own trusted CA store, it uses that exclusively. So if you're running firefox in Windows, Firefox... (4 Replies)
Discussion started by: Lost in Cyberia
4 Replies

8. HP-UX

Sendmail TLS and Certificate?

We are running HP-UX 11v1 and are about to upgrade sendmail to 8.13.3 to allow support for TLS. Enabling TLS seems pretty straightforward, but I'm wondering if an SSL certificate is required for this. Our MS Exchange server does use a certificate. Do I need to arrange for a public certificate to... (3 Replies)
Discussion started by: jduehmig
3 Replies

9. UNIX for Advanced & Expert Users

Does vsftpd support user access with client certificate with priv/pub key + vsftpd certificate?

:rolleyes:I am trying to setup all certificate based client-server environment in Linux using vsftpd and curl with openssl. I would like to make a user access with vsftpd certificate and user own client certificate (self-signed) with private/public key. I don't see google posts about the my plan... (4 Replies)
Discussion started by: gogogo
4 Replies

10. Shell Programming and Scripting

Grep from a certificate

I can view the openSSL certifcate with this command openssl x509 -text -in myCertificate.pem I just wanted to see when the cert will expire only. The line which I want to read is, Not After : Jul 28 14:09:57 2015 GMT I tried using the grep command but it doesn't display anything. grep... (1 Reply)
Discussion started by: Loc
1 Replies

LEARN ABOUT MOJAVE

curlopt_proxy_ssl_verifypeer

CURLOPT_PROXY_SSL_VERIFYPEER(3) 			     curl_easy_setopt options				   CURLOPT_PROXY_SSL_VERIFYPEER(3)

NAME

       CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certificate

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_VERIFYPEER, long verify);

DESCRIPTION

       Pass a long as parameter set to 1L to enable or 0L to disable.

       This  option  tells curl to verifies the authenticity of the HTTPS proxy's certificate. A value of 1 means curl verifies; 0 (zero) means it
       doesn't.

       This is the proxy version of CURLOPT_SSL_VERIFYPEER(3) that's used for ordinary HTTPS servers.

       When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. Curl verifies whether the certificate	is
       authentic,  i.e.  that  you  can trust that the server is who the certificate says it is.  This trust is based on a chain of digital signa-
       tures, rooted in certification authority (CA) certificates you supply.  curl uses a default bundle of CA certificates (the path for that is
       determined at build time) and you can specify alternate certificates with the CURLOPT_PROXY_CAINFO(3) option or the CURLOPT_PROXY_CAPATH(3)
       option.

       When CURLOPT_PROXY_SSL_VERIFYPEER(3) is enabled, and the verification fails to prove that the  certificate  is  authentic,  the	connection
       fails.  When the option is zero, the peer certificate verification succeeds regardless.

       Authenticating  the  certificate is not enough to be sure about the server. You typically also want to ensure that the server is the server
       you mean to be talking to.  Use CURLOPT_PROXY_SSL_VERIFYHOST(3) for that. The check that the host name in the certificate is valid for  the
       host name you're connecting to is done independently of the CURLOPT_PROXY_SSL_VERIFYPEER(3) option.

       WARNING: disabling verification of the certificate allows bad guys to man-in-the-middle the communication without you knowing it. Disabling
       verification makes the communication insecure. Just having encryption on a transfer is not enough as you cannot be sure that you are commu-
       nicating with the correct end-point.

DEFAULT

       1

PROTOCOLS

       All

EXAMPLE

       CURL *curl = curl_easy_init();
       if(curl) {
	 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

	 /* Set the default value: strict certificate check please */
	 curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 1L);

	 curl_easy_perform(curl);
       }

AVAILABILITY

       Added in 7.52.0

       If built TLS enabled.

RETURN VALUE

       Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

       CURLOPT_PROXY_SSL_VERIFYHOST(3), CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),

libcurl 7.54.0							 December 16, 2016				   CURLOPT_PROXY_SSL_VERIFYPEER(3)
All times are GMT -4. The time now is 05:39 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy