Credit card abuse, episode #2 ssl.com presents the lowest price for an EV code signing certificate, however it’s a bit like going into a flea market with a lot of pickpockets around: Pay attention to your wallet, or things happen. This is a follow-up post to one that I wrote three years ago, after ssl.com [...]
Background More than anything, this is a reminder to self why I must use a temporary credit card number when I’ll renew my EV Code Signing certificate I purchased from ssl.com, a few years from writing this (if they’ll still exist by then). I need it for Microsoft’s Attestation signing of drivers for Windows, as [...]
This baffled me for a while: I used certmgr to see if a Windows 10 machine had a root certificate that was needed to certify a certain digital signature, and it wasn’t listed. But then the signature was validated. And not only that, the root certificate was suddenly present in certmgr. Huh? Here’s a quick [...]
Introduction This is my best effort to summarize the steps to attestation signing for Windows drivers (see Microsoft’s main page on this). I’m mostly a Linux guy with no connections inside Microsoft, so everything written below is based upon public sources, trial and (a lot of) error, some reverse engineering, and speculations. This couldn’t be [...]
The goal The envisioned work flow for certificate generation is that the end user requests a certificate from a CA by first generating a public / private key pair, and then sending a request for having the public key certified by the CA. This way, the CA is never exposed to the private key. This [...]
Intro Crypto is not my expertise. This is a pile of jots I wrote down as I tried to figure out what the Microsoft catalogue file is all about. Not-so-surprising spoiler: It appears to be organized and elegant at first glance, but the more you look into it, it’s a mess. Of the kind that’s [...]
Introduction First and foremost: Crypto is not my expertise. This is a note to future self for the next time I’ll need to deal with similar topics. This post summarizes my understanding as I prepared worked on a timestamp server, and it shows the certificates used by it. For how to check a connection with [...]
This post has been terminally removed. It’s pointless to ask me for a copy of it.
This post has been terminally removed. It’s pointless to ask me for a copy of it.
Since around the beginning of December 2017, fetchmail stopped retrieving mails form Gmail servers silently, without issuing any kind of error message. Only when starting fetchmail in the foreground, I got fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: This means that the root signing certificate (issued for /C=US/O=Google Trust Services/CN=Google [...]