Showing posts from February, 2023

RootCA, IntermediateCA basics

Certificates are issued by maintaining a chain of trust. Your certificate can be signed by either a root CA or an intermediate CA. Both use their private key to sign your certificate. When an intermediate CA signs your certificate, it does so on behalf of the root CA in order to off-load the root CA's tasks.

Just as the intermediate CA signs your web server certificate, the root CA signs the intermediate CA's certificate, so that a web browser can verify it using the root CA's public key.

Once the web server certificate is signed, a certificate bundle is created in which the root CA's certificate, the intermediate CA's certificate and the web server's certificate are sent to the organization owner who owns the web server.

Note: Operating systems and browsers already contain the root CA's or intermediate CA's public key or certificate. Sometimes the certificate bundle is sent by the web server so that the browser can easily verify the intermediate CA and root CA.

Web browser checks web server

How to convert .crt certificates into .pfx format?

1. Open a command prompt or terminal window on your computer.
2. Navigate to the folder where your .crt file is located using the "cd" command.
3. Type the following command to create a .pem file from your .crt file:

   openssl x509 -in certificate.crt -out certificate.pem -outform PEM

4. Type the following command to create a .key file from your private key:

   openssl rsa -in private.key -out private.pem -outform PEM

5. Type the following command to create a .pfx file from your .pem and .key files:

   openssl pkcs12 -inkey private.pem -in certificate.pem -export -out certificate.pfx

Change your certificate's name and private key name accordingly.

Avi
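The three openssl steps above, wrapped as an added example that is not part of the original post: it also refuses to export when the private key does not belong to the certificate. The function name crt_to_pfx and the PFX_PASS variable are chosen for this example, and the key is assumed to be an unencrypted RSA key; export PFX_PASS before calling it.

```shell
#!/bin/sh
# Added example, not code from the original post.
# crt_to_pfx and PFX_PASS are names chosen here (assumptions).
# Usage: export PFX_PASS=...; crt_to_pfx certificate.crt private.key certificate.pfx
crt_to_pfx() {
    crt=$1; key=$2; pfx=$3
    work=$(mktemp -d) || return 1   # private scratch directory (mode 0700)

    # Steps from the post: write the certificate and the key out as PEM.
    openssl x509 -in "$crt" -out "$work/certificate.pem" -outform PEM &&
    openssl rsa -in "$key" -out "$work/private.pem" -outform PEM ||
        { rm -rf "$work"; return 1; }

    # Added check: the public key inside the certificate must equal the
    # public key derived from the private key.
    cert_pub=$(openssl x509 -in "$work/certificate.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$work/private.pem" -pubout)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "error: private key does not match certificate" >&2
        rm -rf "$work"
        return 2
    fi

    # Export step from the post. The password is read from the environment
    # so it does not appear in the process list, and the .pfx is created
    # readable by its owner only.
    rc=0
    ( umask 077
      openssl pkcs12 -inkey "$work/private.pem" -in "$work/certificate.pem" \
          -export -out "$pfx" -passout env:PFX_PASS ) || rc=$?

    rm -rf "$work"   # remove the temporary copy of the private key
    return $rc
}
```

A return code of 2 means the key and certificate do not pair; no .pfx file is written in that case.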

Difference between incident and alert

Each technology may define these terms in different ways, but the main idea is:

Alerts: An individual alert provides a valuable clue of an ongoing attack.

Incidents: An incident is comprised of multiple alerts; in other words, multiple alerts are grouped together to form an incident that makes up the story of the attack.

DKIM, DMARC, SPF

DMARC, SPF, and DKIM all serve to authenticate the origin of an email and verify that it has not been altered during transit.

DKIM - DomainKeys Identified Mail.

DKIM is an email authentication protocol. It allows the recipient email server to check that the mail message content has not been altered in transit.

To configure this, you need to add a DKIM DNS record to your DNS configuration. The DKIM record contains a public key that will be used by the recipient email server to verify the digital signature of your outgoing emails. Here is an example:

dkim._domainkey.avi.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYKtB+LlbcK3qAsvH8WJpf7h/fnJm3qcRez5Kjr5m5n5r2X9nptjKkut/zCmmyhN/KjdvbYFl2HU6Nb/xlkU6K/DX6+UJzCBRu1OjKLdYgQP0oV6FbMyxU80MjUfZ6iHAV7fL0zqoV7LljK5r5i0oQP9X0ZKjRZc4I4jnL/b57mB35RRRwSVC+1t/Mjt3vq8tsCmTljK/zH+TpvNgYTfKjxwe+myFRs/XFAG8E2/gT4q3JvjKWjC8Rfmbdd9S5+5lEJnD5K7V+wBHkUh7VFjKtM8BVFrI9G9ul7Vx+gJZ8V7P+djKmPyV7e/Ewe8mV7I9tfyz/V7cxoZfKtYwIDAQA