SSL/TLS Digital Certificate Management

  • CA – Certificate Authority. Issues certificates

  • CA needs to be trusted by all parties involved

  • Root CA certificates pre-installed on devices

  • Use cases:

    • Verify identity.

    • Non-repudiation.

    • Electronic signatures

    • Encryption

  • Certmgr.msc in Windows

  • Sysinternals SigCheck

  • Certificate stores built into browsers

  • Certificate.transparency.dev

  • Special Certificate Types

    • SAN – Subject Alternative Name. Use same certificate for multiple services.

    • Wildcard Certificate – Covers subdomains

  • Certificate Management Tasks

    • Install, update, validate root certificates

    • Install, update, revoke user and machine certificates

    • Manage self-signed certificates

    • Revoke untrusted certs ASAP

    • Check certificate status:

      • CRL (certificate revocation list)

      • OCSP (Online Certificate Status Protocol)

    • Utilities: openssl (Linux) and certutil (Windows)

  • SSL and TLS

    • Widely used to secure web traffic (HTTPS), but it can protect any protocol

    • Certificate required on the server

    • SSL 3.0 was succeeded by TLS 1.0

    • Only TLS is safe to use (1.2 or 1.3)

    • Beware of downgrade attacks (forcing a fallback to a weaker protocol version)

  • certutil -store

    • Windows command to list certificates

  • DigiCert SSL tools
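Added example (not part of the original notes): the SAN, expiry, trust-anchor and OCSP points above, worked through with the openssl utility the notes name. It assumes the openssl CLI (1.1.1 or newer, for -addext and -ext) is installed; the host names and OCSP URL are constructed placeholders, and nothing touches the network.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes the openssl CLI
# (1.1.1 or newer) is installed. Names and URLs are placeholders.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/cert.pem"
KEY="$WORK/key.pem"

# make_cert: mint a 30-day self-signed certificate carrying a SAN list and an
# OCSP responder URL (placeholders) so the checks below have something to read.
# In production this role belongs to a trusted CA, not to a local script.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=www.example.test" \
        -addext "subjectAltName=DNS:www.example.test,DNS:api.example.test" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test" \
        -keyout "$KEY" -out "$CERT" >/dev/null 2>&1
}

# cert_cn: the subject Common Name
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=CN=//'
}

# cert_sans: DNS names from the Subject Alternative Name extension, one line,
# space-separated. Browsers match the host name against these, not the CN.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName \
        | grep -o 'DNS:[^, ]*' | sed 's/^DNS://' | paste -sd ' ' -
}

# cert_ocsp_uri: the OCSP responder URL embedded in the certificate; this is
# where a live revocation status check would be sent
cert_ocsp_uri() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# cert_valid_for_days: succeeds only if the certificate is still valid N days
# from now; a renewal alert would hook in here
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# cert_trusted_by: chain verification against one explicit trust-anchor file,
# with the system store switched off so only that anchor counts
cert_trusted_by() {
    openssl verify -no-CAfile -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# cert_trusted_by_system: the same verification against the default system store
cert_trusted_by_system() {
    openssl verify "$1" >/dev/null 2>&1
}

make_cert
echo "CN:       $(cert_cn "$CERT")"
echo "SANs:     $(cert_sans "$CERT")"
echo "OCSP URL: $(cert_ocsp_uri "$CERT")"
cert_valid_for_days "$CERT" 7  && echo "still valid in 7 days"
cert_valid_for_days "$CERT" 60 || echo "expires within 60 days: schedule renewal"
cert_trusted_by "$CERT" "$CERT" && echo "trusted when its own cert is the anchor"
cert_trusted_by_system "$CERT" || echo "not trusted by the system store (self-signed)"

# A live OCSP query would look like this (needs the issuer cert and network access):
#   openssl ocsp -issuer issuer.pem -cert cert.pem -url "$(cert_ocsp_uri cert.pem)"
```

The two verify calls show the "CA needs to be trusted by all parties" point directly: the same certificate passes when its own file is the trust anchor and fails against the system store, because no pre-installed root vouches for it.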
