#CERTIFICATES

2025-07-03

Let's #Encrypt rolls out free IP address #certificates • The Register

Let's Encrypt, a #CertificateAuthority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

It's not the first CA to do so. #PositiveSSL , #Sectigo, and #GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.
#security #tls #ssl #privacy

theregister.com/2025/07/03/let

2025-06-29

It seems that the last remaining provider of Free personal S/MIME certificates (Actalis) has now left that space.

Are there any others left that I don't know about?

#smime #certificates #personal

2025-06-29

Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME!

In this #HowTo we create our own decentralized PKI with #stepca, enable #ACME and integrate a #Proxmox node to obtain a certificate.

#proxmox #stepca #opensource #howto #homelab #enterprise #pki #security #decentralized #x509 #certificates

gyptazy.com/building-your-own-

2025-06-18

Don’t forget #CO2 #certificates are another form of #greenwashing. And a scam given money is paid on the basis of misleading and false information. #TheGuardian #DieZeit #SourceMaterial “94 percent of the credits are likely to be worthless”

zeit.de/wirtschaft/2023-01/co2

2025-06-17

Now that :donaldtrump: made America great again, I have cancelled Microsoft XBOX subscription, moved multiple domains to Canadian domain registrar and recently switched to European trust provider for TLS certificates :ablobcatcoffee:

Sure, great business :ablobcatpopcorn:

#uspol #maga #servers #domains #certificates

2025-06-09

ESCploitation. Privilege escalation using AD CS

Hello, Habr! This is the PT Cyber Analytics team. We work with ethical hackers on various red-team projects carried out for our customers. While the hackers search for weak spots and various flaws in customers' systems, we, the analysts, perform a comprehensive analysis of the system, assess vulnerabilities and their consequences in the context of the threat to the customer, compile a list of recommendations and measures, and present everything the hackers found and we analyzed in the form of clear reports. While working on such projects we have studied many infrastructures and accumulated knowledge about various current attacks, and we want to share this knowledge with experts and with those who are simply interested in information security. We would like to begin our article by discussing the attacks most often carried out during internal pentests. The main goal of an internal pentest is to gain control over the customer's infrastructure. Since most companies use Active Directory to build their networks, the goal is usually achieved by obtaining a domain administrator account (or another account with equivalent privileges). With such rights a potential attacker can do practically anything: reach any important information, encrypt data, take critical systems out of service, and so on. Thus, obtaining such an account is in most cases enough to complete the work and confirm that the internal network was successfully compromised. There are many ways to achieve this goal; one of them, and a fairly popular one, is attacking Active Directory Certificate Services (AD CS).

habr.com/ru/companies/pt/artic

#cybersecurity #certificates #activedirectory #certificate_authority #certipy #adcs #пентест #redteam

2025-06-08

Getting Forgejo Helm Deployment to Also Trust a Local Certificate Authority

blog.hardill.me.uk/2025/06/08/

Earlier this week I blogged about getting a Forgejo Action Runner to trust my local Certificate Authority so it could check out projects. Last night while trying to set up Keycloak as an authentication source, I ran into another instance of this problem, this time with the core Forgejo application.

The problem was basically the same, the Keycloak instance is protected by an HTTPS certificate […]

#certificates #forgejo #git #https #kubernetes

2025-06-05

Forgejo Action Runners with Private HTTPS Certificates

blog.hardill.me.uk/2025/06/05/

I set up a Forgejo instance a few days ago to have a play, it runs in my Kubernetes cluster and is issued an HTTPS certificate from my Small Step CA via Cert-Manager using ACME.

Forgejo offers basically most of the features of GitHub in a self hosting environment, with git repo, full web UI, package hosting among other things. It can also be set up to mirror public GitHub (and other) repos so […]

#certificates #docker #git #kubernetes

koreantopik
2025-05-25

Why Koreans Are Obsessed with Collecting Certificates (자격증) — Top 5 Free Websites to Earn a Certificate

For details: koreantopik.com/2025/05/why-ko

Andrey DarkCat09 darkcat09@dc09.ru
2025-05-24

My friend pointed out that short-lived #TLS #certificates are a convenient tool for #censorship, because a CA can just return "unknown error, try again later" on a renew attempt in case they are asked to block a specific domain.

Actually, the main reason is that no one wants to deal with #CRL, I guess. OCSP has shown its significant flaws so it's no longer recommended to be switched on, and we're returning to revocation lists. Mozilla's CRLite is already implemented in Firefox, but not in small native (I mean, not webapps) applications and utilities.

Offline verification is always a mess, it's true for both JWT and TLS, but the latter is decentralized (which is good for the web, of course), therefore is much more of a mess. #infosec

Kevin Karhan :verified: kkarhan@infosec.space
2025-05-22

@christopherkunz #UnpopularOpinion: The #ValueRemoving #RentSeeking nature of #SSL-#Certificates is the problem.

Solutions that tried to unfuck this ( @cacert ) got cockblocked by #Apple and #Microsoft whilst @letsencrypt which basically provides certificates to everyone and everything gets a free pass.

2025-05-17

mail-archive.com/mailop@mailop

Doesn't sound too bad for general public #email traffic, but certainly not great for some more specific use cases.

I'm curious how the other CAs will react - will there be separate client authentication certificate or will they continue to offer #certificates with client+server auth, but from dedicated intermediates for non-www scenarios?

2025-05-15

@rl_dane @ShinjiLE if you or someone else wants to help argue, the thread is at https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427 (Discourse, so JS webbrowser), I’m exhausted.

#LetsEncrypt #SSL #TLS #certificates #X509 #X509v3 #sendmail #SMTP #XMPP #Jabber

For qbittorrent to register as a magnet handler it needs to be using TLS.

Create a Certificate Authority, add the CA Cert to your own PC's trusted store.
Then import it directly into Firefox.
Create a subsidiary cert with the URL of qbittorrent as the CN and also Alt name DNS Name and also the IP just in case.
Sign it with your CA cert, this part is made easier if you're using a cert authority software and not just raw openssl but you do you.
Copy the cert and key into qbittorrent and tell it to use the certs YAY.

OK but qbittorrent doesn't support both HTTP and HTTPS, so now Sonarr is complaining about cross security issues, so enable SSL for Sonarr.
Sonarr is made with C# and only supports PFX certs and also they haven't added a gui option to set it for some reason.
First create a cert for radarr like you did for qbittorrent.
Then turn it into a pem like this:

# combine the certificate and its private key into one PEM file
cp sonarr.crt sonarr.pem
cat sonarr.key >> sonarr.pem

Then convert it to a PFX like this:

openssl pkcs12 -export -out sonarr.pfx -inkey sonarr.pem -in sonarr.pem -certfile sonarr.pem

Copy that PFX file somewhere Sonarr can see it, then edit Sonarr's config.xml and edit the SslCertPath value to point to your cert, e.g.:

<SslCertPath>/config/certs/sonarr.pfx</SslCertPath>

I couldn't find that documented anywhere idk.

Anyway Sonarr still won't work because remember you're using your own CA because fuck buying a domain name. The host of Sonarr also needs to trust your CA, I sure hope you're using docker compose but that's what this is about.

Create a shell script somewhere Sonarr can see it and put this inside:

#!/bin/sh
cp /config/certs/ca.crt /usr/local/share/ca-certificates/
update-ca-certificates

Grab a copy of your CA cert (don't need the key) and copy it to /config/certs/ca.crt or wherever you want; just amend the script for wherever you put it.
Now add this to the Sonarr service in your docker compose file:

    post_start:
      - command: ./config/certs/update-ca.sh

I sure hope your container supports all that, good luck everyone, maybe a reverse proxy would've been easier after all hey.

#sonarr #dockercompose #certificates

C.Suthorn :prn: Life_is@no-pony.farm
2025-05-09

#fedihelp #fedihilfe

I am looking for a free provider of #x509 #certificates for use with #CAI #ContentAuthenticityInitiative #C2PA #ContentCredentials. #Adobe and #PixelStream seem to offer this #service, but not for #free. Basically something like #LetsEncrypt, only for #images.

#c2patool #Laica #nikon #freelens #truepic #zebra
