Android 7.1 certificates are going to expire, anyway to renew them?

Starting from September, Android 7.1 and below users are going to have issues with the internet, so is there any way to renew those certificates so I can use my phone properly?

tls – How to configure openssl client to only accept specific server certificates?

The practice you’re talking about is called “Certificate Pinning” (or sometimes “Public Key Pinning”) and is a common security recommendation when you control both the client and the server.

Typically this is done by configuring the TLS client code (which might be OpenSSL or some other library) to introduce a custom certificate validation step (typically a function to call when the connection is being established), and in that step you verify that the certificate presented by the server matches the one you were expecting. You might want to look at or for code samples to do this (though those are old and might be outdated); OpenSSL’s API is very easy to make mistakes with.

You might also want to read or similar, which talk about the considerations when doing pinning. In particular, you want to consider things like which cert you pin (a specific leaf cert, the root CA, or something in between) and how much of the cert you pin (pinning the whole cert seems easy but complicates re-issuing the cert with new dates or OIDs or similar, whereas simply pinning public key details provides all the security you really need in most cases). You should also consider a backup / fallback pin, to make cert rotation easier in case your primary cert gets compromised and needs to be revoked.

With all that said, there might be another option in this case. If your client (which is also a server) is only ever going to connect to this one other server, and you use an internal CA, you can configure the TLS client code to use a CA “bundle” containing just that internal CA’s cert, rather than using the system-wide CA bundle. That lets you keep using the default cert validation code; it just won’t trust any certificate that doesn’t chain to your internal CA. This is de facto the same as pinning at the CA level, but potentially much simpler (though with less fine control over the validation logic).
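The two approaches the answer describes, a client that trusts only an internal CA bundle and a pin check run as a custom validation step after the normal chain check, as an added example in Go's crypto/tls rather than OpenSSL (this is not the answerer's code). The host name `internal.example`, the in-memory CA and leaf, and the pin format (base64 of the SHA-256 of the certificate's SubjectPublicKeyInfo) are all assumptions of this example; the handshake runs against a loopback server so it works offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const serverName = "internal.example" // constructed host name used in the example

// makeCerts builds a throwaway internal CA and a leaf it signs; a constructed fixture, so it panics on error.
func makeCerts() (ca, leaf *x509.Certificate, serverCert tls.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Internal Test CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	ca, _ = x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: serverName}, DNSNames: []string{serverName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	leaf, _ = x509.ParseCertificate(leafDER)
	return ca, leaf, tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}
}

// spkiPin is base64(SHA-256(SubjectPublicKeyInfo)): pinning the key, not the whole cert, survives re-issuance.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// clientConfig trusts only roots (nil means the system bundle) and adds a validation step, run after
// the normal chain check, that accepts only if a certificate in the verified chain matches a pin (primary or backup).
func clientConfig(roots *x509.CertPool, pins ...string) *tls.Config {
	return &tls.Config{
		ServerName: serverName,
		RootCAs:    roots,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			for _, chain := range chains {
				for _, cert := range chain {
					for _, want := range pins {
						if spkiPin(cert) == want {
							return nil
						}
					}
				}
			}
			return errors.New("tls: no certificate in the verified chain matches a pinned key")
		},
	}
}

// handshake runs one TLS handshake against a loopback server and returns the client-side result.
func handshake(serverCert tls.Certificate, clientCfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake() // drive the server side; failures surface on the client
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

func main() {
	ca, leaf, serverCert := makeCerts()
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println("internal CA + matching pin:", handshake(serverCert, clientConfig(roots, spkiPin(leaf))))
	fmt.Println("internal CA + wrong pin:", handshake(serverCert, clientConfig(roots, "not-the-pin")))
}
```

Because `InsecureSkipVerify` stays false, Go runs the RootCAs chain check first and calls the pin function only on a chain that already validated, so the pin is an extra condition rather than a replacement; passing a second pin is the backup/fallback pin the answer recommends, and pinning `spkiPin(ca)` instead of the leaf is the CA-level variant.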

air travel – Is there any physician at SFO who issues fit-to-fly certificates?

As a result of the COVID-19 pandemic, to be authorized to board the plane, some countries require a COVID-19 RT-PCR test done no more than 48 or 72 hours prior to the departure of the flight, followed by a fit-to-fly certificate that must be signed by a physician. This makes it a bit tight to obtain a fit-to-fly certificate in time, especially if the COVID-19 RT-PCR test results take a while to be sent to the passenger. Is there any physician at SFO who issues fit-to-fly certificates?

certificates – ssh into a server with knowledge of ca bundle

I’m a novice when it comes to network security, but I’m learning. I have researched CA bundles, OpenSSL, SSH using certificates, etc. I get the gist of a lot of it; however, one question eludes me: let’s say I had a CA bundle with many certificates in it, for example ca-certificate.crt on my server. I accidentally gave this to a team of programmers I have hired. Could they theoretically use this to somehow SSH into my server or MySQL DB?

group policy – Signing Excel .XLSM-documents, expiring code signing certificates and trusted publishers

Short: Is there any way to trust a certificate or publisher, so that the trust remains even after the certificate has expired?

Much longer: We develop (among other things) Excel documents for a number of customers. The documents contain VBA-macros. Before delivering the documents to our customers, we sign the documents with our code signing certificate.
The default macro settings in Excel (which all our customers stick to) will prompt the user with a security warning, even if the document is digitally signed. This is a good thing, security wise, but some of our customers’ end-users complained. Although they could click “Enable content” to make the code run, they thought it was a bit tiresome to do this many times a day.

About a year ago, we thus started to instruct these customers to configure their computers to trust our certificate (i.e. add the certificate to “Trusted publishers” on their PCs). I don’t know exactly how this was done, but GPOs were involved. This has the effect that “our” documents are now opened and VBA code run without warning. Users are happy.

However, our code signing certificate just expired after two years, so we “renewed” it. (This is from DigiCert if it matters). To test the certificate, I just signed a new Excel document with the renewed certificate, uploaded it to one of our customers and tested it.
The security warning again appeared. Apparently, this new certificate isn’t trusted.
It turns out that the “renewed” certificate is actually a brand new certificate, with (as far as I understand) no connection to the previous certificate, the one that has been trusted. So, we now have to tell our customers to again configure their PCs to trust this certificate. And every two years (it could have been three if we had bought the maximum length) this process has to be repeated.

DigiCert claims this is by nature – there is really no way to get around this. “Renewing” a certificate is actually just another word for “Getting a brand new certificate”. It has the same textual name of our company as publisher, but that’s it.
Is this true? Is there no other way around it, like extending the validity period of an expiring certificate? Or can you trust the certificate somehow differently, so that new certificates from the same “publisher” are all trusted?

Hope I made myself understood…

tls – Approach to authorizing users and X.509 certificates

I have a system where I’m using X.509 certificates to authenticate the client to the server. The certificate is sent to an HSM to be signed. When it is returned it is used as part of a TLS connection. Once the connection is established, I need to authorize the user i.e. what actions they are permitted to perform against the server.

Can I use X.509 certificates and logic on the server? If so, what field / content would I populate on the certificate and what logic would be necessary on the server?

Thank you.

timestamp – RFC3161: should tokens for which intermediate certificates were revoked without ReasonCode be deemed invalid?

The RFC3161 specification, section 4, “Security Considerations”, states:

   1. When a TSA shall not be used anymore, but the TSA private key has
      not been compromised, the authority's certificate SHALL be
      revoked.  When the reasonCode extension relative to the revoked
      certificate from the TSA is present in the CRL entry extensions,
      it SHALL be set either to unspecified (0), affiliationChanged (3),
      superseded (4) or cessationOfOperation (5).  In that case, at any
      future time, the tokens signed with the corresponding key will be
      considered as invalid, but tokens generated before the revocation
      time will remain valid.  When the reasonCode extension relative to
      the revoked certificate from the TSA is not present in the CRL
      entry extensions, then all the tokens that have been signed with
      the corresponding key SHALL be considered as invalid.  For that
      reason, it is recommended to use the reasonCode extension.

Does the same also apply to intermediate certificates in the issuer chain of the TSA certificate? On the one hand it would make sense (if the key of the TSA’s issuer leaked, neither the TSA’s certificate nor its CRLs could be trusted). On the other hand, the specification only talks about the CRL of the TSA.

So, if an intermediate certificate above the TSA is revoked with a CRL and the reasonCode extension relative to that revoked intermediate certificate is NOT present in the CRL entry extension, will that invalidate all timestamp tokens issued by this TSA?

On a similar note: what happens after the expiration date of the root certificate? Since self-signed root certificates don’t have CRLs, should timestamps issued by TSAs that use this root still be deemed valid?
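The rule quoted from RFC 3161 section 4 turned into a decision function, as an added example (not part of the question or of the RFC): a token signed by the TSA key stays valid only when the CRL entry carries one of the four listed reason codes and the token's genTime precedes the revocation time; a CRL entry without the reasonCode extension invalidates every token. The quoted paragraph covers only the not-compromised case, so treating any other reason code (keyCompromise in particular) as invalidating all tokens is a conservative choice made by this example, and the dates are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// CRL reasonCode values (RFC 5280, section 5.3.1) that the quoted RFC 3161 text refers to.
const (
	ReasonUnspecified          = 0
	ReasonKeyCompromise        = 1
	ReasonAffiliationChanged   = 3
	ReasonSuperseded           = 4
	ReasonCessationOfOperation = 5
)

// Revocation is the CRL entry for the TSA's certificate: when it was revoked and,
// if the reasonCode entry extension was present, the reason. Reason is nil when
// the extension is absent.
type Revocation struct {
	RevokedAt time.Time
	Reason    *int
}

// TokenStillValid applies the quoted rule to a token whose genTime is signedAt.
// rev == nil means the TSA certificate has not been revoked.
func TokenStillValid(signedAt time.Time, rev *Revocation) (bool, string) {
	if rev == nil {
		return true, "TSA certificate not revoked"
	}
	if rev.Reason == nil {
		// No reasonCode: RFC 3161 says every token signed with the key is invalid.
		return false, "reasonCode absent: all tokens signed with this key are invalid"
	}
	switch *rev.Reason {
	case ReasonUnspecified, ReasonAffiliationChanged, ReasonSuperseded, ReasonCessationOfOperation:
		// Benign retirement of the key: tokens from before the revocation time survive.
		if signedAt.Before(rev.RevokedAt) {
			return true, "token generated before revocation time"
		}
		return false, "token generated at or after revocation time"
	default:
		// keyCompromise (or any other reason) is not the case the quoted paragraph covers;
		// treating it as invalidating every token is the conservative assumption of this example.
		return false, fmt.Sprintf("reasonCode %d: key not trusted for any token", *rev.Reason)
	}
}

func main() {
	revokedAt := time.Date(2021, time.June, 1, 0, 0, 0, 0, time.UTC)        // constructed CRL entry date
	genTime := time.Date(2021, time.February, 4, 14, 30, 56, 0, time.UTC) // constructed token genTime
	reason := ReasonCessationOfOperation
	for _, rev := range []*Revocation{nil, {RevokedAt: revokedAt, Reason: &reason}, {RevokedAt: revokedAt}} {
		ok, why := TokenStillValid(genTime, rev)
		fmt.Printf("valid=%v (%s)\n", ok, why)
	}
}
```

A verifier that checks the TSA's CRL this way needs the revocation time from the CRL entry as well as the entry's extensions; the function says nothing about intermediate or root certificates, which is exactly the part the question leaves open.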

certificates – OpenSSL: how to get matching subject_hash from a CMS SignerInfo?

So OpenSSL can calculate a hash value for X509 certificates that uniquely identifies this certificate (argument -hash or -subject_hash).

Now, if I have a CMS file in DER encoding, which has a SignedData field with exactly one SignerInfo but which does not contain the actual certificate of the signature, how can I calculate the hash of the signing certificate identical to what openssl x509 -hash -noout -in actual_cert.pem would create for this certificate in question?

Looking at the CMS using openssl cms -inform DER -in infile.cms -cmsout -print yields

  contentType: pkcs7-signedData (1.2.840.113549.1.7.2)
    version: 3
        algorithm: sha512 (2.16.840.
        parameter: NULL
      eContentType: id-smime-ct-TSTInfo (1.2.840.113549.
        0000 - 30 82 01 75 02 01 01 06-04 2a 03 04 01 30 31   0..u.....*...01
        000f - 30 0d 06 09 60 86 48 01-65 03 04 02 01 05 00   0...`.H.e......
        001e - 04 20 89 9b a3 d9 f7 77-e2 a7 4b dd 34 30 2b   . .....w..K.40+
        002d - c0 6c b3 f7 a4 6a c1 f5-65 ee 12 8f 79 fd 5d   .l...j..e...y.)
        003c - ab 99 d6 8b 02 03 2d 19-84 18 0f 32 30 32 31   ......-....2021
        004b - 30 32 30 34 31 34 33 30-35 36 5a 01 01 ff 02   0204143056Z....
        005a - 09 00 83 16 8e 99 d6 23-2e fc a0 82 01 11 a4   .......#.......
        0069 - 82 01 0d 30 82 01 09 31-11 30 0f 06 03 55 04   ...0...1.0...U.
        0078 - 0a 13 08 46 72 65 65 20-54 53 41 31 0c 30 0a   ...Free TSA1.0.
        0087 - 06 03 55 04 0b 13 03 54-53 41 31 76 30 74 06   ..U....TSA1v0t.
        0096 - 03 55 04 0d 13 6d 54 68-69 73 20 63 65 72 74   .U...mThis cert
        00a5 - 69 66 69 63 61 74 65 20-64 69 67 69 74 61 6c   ificate digital
        00b4 - 6c 79 20 73 69 67 6e 73-20 64 6f 63 75 6d 65   ly signs docume
        00c3 - 6e 74 73 20 61 6e 64 20-74 69 6d 65 20 73 74   nts and time st
        00d2 - 61 6d 70 20 72 65 71 75-65 73 74 73 20 6d 61   amp requests ma
        00e1 - 64 65 20 75 73 69 6e 67-20 74 68 65 20 66 72   de using the fr
        00f0 - 65 65 74 73 61 2e 6f 72-67 20 6f 6e 6c 69 6e onlin
        00ff - 65 20 73 65 72 76 69 63-65 73 31 18 30 16 06   e services1.0..
        010e - 03 55 04 03 13 0f 77 77-77 2e 66 72 65 65 74   .U....www.freet
        011d - 73 61 2e 6f 72 67 31 22-30 20 06 09 2a 86 48   sa.org1"0 ..*.H
        012c - 86 f7 0d 01 09 01 16 13-62 75 73 69 6c 65 7a   ........busilez
        013b - 61 73 40 67 6d 61 69 6c-2e 63 6f 6d 31 12 30   as@gmail.com1.0
        014a - 10 06 03 55 04 07 13 09-57 75 65 72 7a 62 75   ...U....Wuerzbu
        0159 - 72 67 31 0b 30 09 06 03-55 04 06 13 02 44 45   rg1.0...U....DE
        0168 - 31 0f 30 0d 06 03 55 04-08 13 06 42 61 79 65   1.0...U....Baye
        0177 - 72 6e                                          rn
        version: 1
          issuer: O=Free TSA, OU=Root CA,, L=Wuerzburg, ST=Bayern, C=DE
          serialNumber: 13972846748170250626
          algorithm: sha512 (2.16.840.
          parameter: NULL
            object: contentType (1.2.840.113549.1.9.3)
              OBJECT:id-smime-ct-TSTInfo (1.2.840.113549.

            object: signingTime (1.2.840.113549.1.9.5)
              UTCTIME:Feb  4 14:30:56 2021 GMT

            object: id-smime-aa-signingCertificate (1.2.840.113549.
    0:d=0  hl=2 l=  26 cons: SEQUENCE
    2:d=1  hl=2 l=  24 cons:  SEQUENCE
    4:d=2  hl=2 l=  22 cons:   SEQUENCE
    6:d=3  hl=2 l=  20 prim:    OCTET STRING      (HEX DUMP):916DA3D860ECCA82E34BC59D1793E7E968875F14

            object: messageDigest (1.2.840.113549.1.9.4)
              OCTET STRING:
                0000 - 4d b9 02 47 cb 66 6e 37-48 c7 56 04 1a   M..G.fn7H.V..
                000d - 77 45 23 95 72 1d 1d e8-62 3e 7b 68 9d   wE#.r...b>{h.
                001a - 58 43 88 64 a7 b3 1b be-bd 56 8e 58 8d   XC.d.....V.X.
                0027 - 8d 12 fe 11 dc 68 89 a5-56 aa bd 00 df   .....h..V....
                0034 - e4 8d f6 3b d8 8e 7d 78-c7 d2 42 a4      ...;..}x..B.
          algorithm: rsaEncryption (1.2.840.113549.1.1.1)
          parameter: NULL
          0000 - 62 39 1e b9 0e e3 ab 74-fa 90 46 bd d6 78 bc   b9.....t..F..x.
          000f - 2e d6 a4 3a 7b f4 0e 45-11 ba 16 c0 48 46 5a   ...:{..E....HFZ
          001e - 52 87 c5 3c 9d ae c7 1d-83 dc c8 03 8f 2e 70   R..<..........p
          002d - 2c 4e 1f 6a 4e 5e 64 b7-5d 56 5e cb c9 6f af   ,N.jN^d.)V^..o.
          003c - 17 3d f4 2f c9 a5 b9 5c-d4 a1 03 1f 43 8f a3   .=./.......C..
          004b - 46 13 62 df 4d f6 cc 48-ad 2c c3 43 85 5e 8c   F.b.M..H.,.C.^.
          005a - 5b da a8 97 8d 3a 06 28-72 56 f3 38 e3 06 ad   (....:.(rV.8...
          0069 - ca 80 28 28 73 3f 9a 6f-ed ba b9 ac ed f4 6f   ..((s?.o......o
          0078 - 69 9e 91 d4 d2 4d 6b 1f-98 53 16 66 d7 50 62   i....Mk..S.f.Pb
          0087 - 96 61 9f 0f f6 bd 94 19-d6 04 c5 7e f9 3c 89   .a.........~.<.
          0096 - 5a 8a d1 a1 05 72 4e 6f-9c 8a a5 ef 6b 36 8d   Z....rNo....k6.
          00a5 - e5 ee 8a e9 11 8b 1c 70-42 c7 32 6d 27 42 fb   .......pB.2m'B.
          00b4 - 99 71 25 ae 66 67 48 58-10 df 4a db 08 08 ea   .q%.fgHX..J....
          00c3 - b1 a0 d5 ca 22 4b 46 ad-12 fd a1 72 91 c4 8b   ...."KF....r...
          00d2 - 21 d2 ff d8 b3 13 7f f8-31 9c 42 f6 b4 ea b1   !.......1.B....
          00e1 - 15 21 8a ed e0 b9 6a 3c-0d 88 03 aa 4a ca f2   .!....j<....J..
          00f0 - 13 59 54 99 0b 19 70 4f-91 0a 7e f7 17 92 70   .YT...pO..~...p
          00ff - dd 0f 54 cc 1e e7 7b 42-d2 fa c2 53 3a 45 5a   ..T...{B...S:EZ
          010e - 45 09 c3 7b b5 34 6d 0b-40 82 72 45 4d eb 60   E..{.4m.@.rEM.`
          011d - 00 57 c8 46 77 23 5b 1c-c0 ff 6b 01 5c 0e 2f   .W.Fw#(...k../
          012c - fb 87 b3 e6 42 e5 1b 1d-25 6c c5 43 c4 af b8   ....B...%l.C...
          013b - 9b 51 74 f2 c9 85 d2 54-52 ca b6 4e ac a1 83   .Qt....TR..N...
          014a - 28 80 99 11 d5 ed a0 82-ad cc df 7d 18 a4 2c   (..........}..,
          0159 - 05 79 c0 f9 be 7c 52 1e-33 84 0c a5 ae b4 4e   .y...|R.3.....N
          0168 - 6d 08 ee 68 13 44 35 15-5f e1 3d e5 72 36 72   m..h.D5._.=.r6r
          0177 - 05 8e 4c 4d 7f 0d ce 32-23 5c 16 bc 73 99 e6   ..LM...2#..s..
          0186 - 68 ea c5 19 e7 4d d7 0f-22 d5 1c 61 ac a8 cf   h....M.."..a...
          0195 - b6 70 49 79 3c 22 1a 90-96 cd 3b fb 11 bb 56   .pIy<"....;...V
          01a4 - 4f 2a 41 a7 5d 61 f4 81-6a 1c ce 2d f9 0c bb   O*A.)a..j..-...
          01b3 - 91 80 7a 9d 9c 61 37 81-e1 77 20 d3 06 56 be   ..z..a7..w ..V.
          01c2 - f3 df 1c 74 47 ee ab 81-7a 03 80 96 95 a0 93   ...tG...z......
          01d1 - 4b f4 e6 b9 a2 f4 8b 2f-25 80 2f c9 b5 a3 99   K....../%./....
          01e0 - 34 e0 ab 8e 2b fb e3 ce-26 91 0a b3 6d af 18   4...+...&...m..
          01ef - 5a d7 a8 7c 3e c6 1c 17-0d e8 30 da df f2 5d   Z..|>.....0...)
          01fe - 51 3b                                          Q;

So I see there is one SignerInfo object.

According to 5.3. SignerInfo Type in :

The fields of type SignerInfo have the following meanings:

      version is the syntax version number.  If the SignerIdentifier is
      the CHOICE issuerAndSerialNumber, then the version MUST be 1.  If
      the SignerIdentifier is subjectKeyIdentifier, then the version
      MUST be 3.

      sid specifies the signer's certificate (and thereby the signer's
      public key).  The signer's public key is needed by the recipient
      to verify the signature.  SignerIdentifier provides two
      alternatives for specifying the signer's public key.  The
      issuerAndSerialNumber alternative identifies the signer's
      certificate by the issuer's distinguished name and the certificate
      serial number; the subjectKeyIdentifier identifies the signer's
      certificate by a key identifier.

So in the provided example SignerInfo.version is 1, so the certificate is identified by issuerAndSerialNumber. How would I compute the corresponding X509 hash? Just extract issuerAndSerialNumber.issuer and calculate the SHA-1 of it? If so, how can I extract this using OpenSSL?

If SignerInfo.version were 3 instead of 1, if I understand the specification correctly there wouldn’t be an issuerAndSerialNumber field but instead a SubjectKeyIdentifier field. Would this already be the hash that openssl x509 -hash -noout -in actual_cert.pem would output? If not, how would I calculate the corresponding hash in this case?

certificates – Why is this PEM file invalid?

I have a file chain.pem that contains two PEM encoded certificates, the first one being the TSA certificate and the second one being the self-signed CA.

the file content is exactly:


If I try to load this using openssl, I get the following error:

$ openssl pkcs7 -inform pem -in chain.pem -text
unable to load PKCS7 object
372716:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../openssl-1.1.1i/crypto/asn1/tasn_dec.c:1149:
372716:error:0D06C03A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error:../openssl-1.1.1i/crypto/asn1/tasn_dec.c:713:
372716:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../openssl-1.1.1i/crypto/asn1/tasn_dec.c:646:Field=type, Type=PKCS7
372716:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:../openssl-1.1.1i/crypto/pem/pem_oth.c:33:

I checked answers in this one, but it seems the headers and footers are proper, so what’s wrong with this certificate file?

certificates – Digital Signature uses private key for encryption, and public key for decryption?

A public key is for encryption and a private key is for decryption in PKIs, and digital signatures employ PKIs.
How can a private key be used for encryption and a public key for decryption, which violates asymmetric cryptography?


from geeksforgeeks

The steps followed in creating a digital signature are:

  1. A message digest is computed by applying a hash function to the message, and then the message digest is encrypted using the private key of the sender to form the digital signature. (digital signature = encryption (private key of sender, message digest) and message digest = message digest algorithm(message))
  2. The digital signature is then transmitted with the message. (message + digital signature is transmitted)
  3. The receiver decrypts the digital signature using the public key of the sender. (This assures authenticity, as only the sender has his private key, so only the sender can encrypt using his private key, which can thus be decrypted by the sender’s public key.)
  4. The receiver now has the message digest.
  5. The receiver can compute the message digest from the message (the actual message is sent with the digital signature).
  6. The message digest computed by the receiver and the message digest (obtained by decryption of the digital signature) need to be the same to ensure integrity.
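The six steps quoted above carried out with RSA in Go, as an added example that is not part of the question or of the geeksforgeeks text. The sender's key pair and the message are constructed in the code; `Sign` and `Verify` use the library's PKCS#1 v1.5 sign/verify operations (the terms libraries actually use for what the quoted text calls "encrypt with the private key" and "decrypt with the public key"), and `RecoverDigest` shows the textbook-RSA relation behind that wording by raising the signature to the public exponent and reading the digest out of the padded block.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Sign covers steps 1 and 2 of the quoted procedure: hash the message, then let the
// sender's private key produce the signature over the digest. Libraries expose this as
// a sign operation (here PKCS#1 v1.5), not as a generic "encrypt".
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify covers steps 3 to 6: recompute the digest from the received message and let the
// sender's public key check that the signature was made over exactly that digest.
func Verify(pub *rsa.PublicKey, message, sig []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// RecoverDigest shows what "decrypt with the public key" means for textbook RSA:
// s^e mod n undoes s = m^d mod n and yields the padded block, whose last 32 bytes
// are the SHA-256 digest. This is only an illustration; real verification is the
// library call in Verify, which also checks the padding structure.
func RecoverDigest(pub *rsa.PublicKey, sig []byte) []byte {
	s := new(big.Int).SetBytes(sig)
	em := new(big.Int).Exp(s, big.NewInt(int64(pub.E)), pub.N).Bytes()
	if len(em) < sha256.Size {
		return nil
	}
	return em[len(em)-sha256.Size:]
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // sender's key pair, generated for the example
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input
	sig, err := Sign(priv, msg)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256(msg)
	fmt.Println("genuine message verifies:   ", Verify(&priv.PublicKey, msg, sig))
	fmt.Println("tampered message verifies:  ", Verify(&priv.PublicKey, []byte("tampered message"), sig))
	fmt.Println("recovered digest == SHA-256:", bytes.Equal(RecoverDigest(&priv.PublicKey, sig), digest[:]))
}
```

A signature made under one sender's private key fails `Verify` under any other public key, which is the authenticity property step 3 describes; a changed message changes the recomputed digest, which is the integrity property of step 6.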