
Posts

Self signed CA and CSR basics

In PKI (public key infrastructure), a CA is responsible for issuing and maintaining digital certificates. It signs each certificate with its private key, and that signature becomes the certificate's digital signature. Such CAs are called trusted root CAs. But what if you don't have a trusted root CA? In that case you need to create your own self-signed CA, which involves generating a private key. Once the CA has been created, you can use it to sign other certificates in your organization, which are then said to be issued by this CA. The CA certificate then needs to be distributed to all clients and servers that need to trust it; this is what maintains the chain of trust. The process is as follows:

Install openssl:
sudo apt-get install openssl

Generate the private key:
openssl genrsa -out ca.key 2048

Create the new CA certificate:
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -sha256

Protect the private key:
chmod 400 ca.key

That's it. Your CA certificate has been created. You can use t...

RootCA, IntermediateCA basics

Certificates are issued by maintaining a chain of trust. Your certificate can be signed by either a root CA or an intermediate CA; both use their private key to sign your certificate. When an intermediate CA signs your certificate, it does so on behalf of the root CA in order to offload the root CA's tasks. Just as the intermediate CA signs your web server certificate, the root CA signs the intermediate CA's certificate, so that the web browser can verify it using the root CA's public key. Once the web server certificate is signed, a certificate bundle is created in which the root CA's certificate, the intermediate CA's certificate and the web server's certificate are sent to the organization that owns the web server. Note: operating systems and browsers already contain the root CA's or intermediate CA's public key or certificate. Sometimes the certificate bundle is sent by the web server so that the browser can easily verify the intermediate CA and root CA. The web browser checks the web server...

How to convert .crt certificates into .pfx format?

Open a command prompt or terminal window on your computer. Navigate to the folder where your .crt file is located using the "cd" command.

Type the following command to create a .pem file from your .crt file:
openssl x509 -in certificate.crt -out certificate.pem -outform PEM

Type the following command to create a .pem file from your private key:
openssl rsa -in private.key -out private.pem -outform PEM

Type the following command to create a .pfx file from your certificate .pem and key .pem files:
openssl pkcs12 -inkey private.pem -in certificate.pem -export -out certificate.pfx

Change the certificate and private key file names accordingly. Note that the export step prompts for an export password, which protects the private key inside the .pfx file.

Avi

Difference between incident and alert

It may be defined differently by each technology, but the main point is this. Alerts: an individual alert provides a valuable clue about an ongoing attack. Incidents: an incident is composed of multiple alerts, or put another way, multiple alerts are grouped together to form an incident that tells the story of the attack.

DKIM, DMARC, SPF

DMARC, SPF, and DKIM all serve to authenticate the origin of an email and verify that it has not been altered in transit. DKIM stands for DomainKeys Identified Mail. DKIM is an email authentication protocol that allows the recipient's mail server to check that the message content has not been altered in transit. To configure it, you publish a DKIM DNS record in your DNS configuration. The DKIM record contains a public key that the recipient's mail server uses to verify the digital signature on your outgoing emails. Here is an example:

dkim._domainkey.avi.com. IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYKtB+LlbcK3qAsvH8WJpf7h/fnJm3qcRez5Kjr5m5n5r2X9nptjKkut/zCmmyhN/KjdvbYFl2HU6Nb/xlkU6K/DX6+UJzCBRu1OjKLdYgQP0oV6FbMyxU80MjUfZ6iHAV7fL0zqoV7LljK5r5i0oQP9X0ZKjRZc4I4jnL/b57mB35RRRwSVC+1t/Mjt3vq8tsCmTljK/zH+TpvNgYTfKjxwe+myFRs/XFAG8E2/gT4q3JvjKWjC8Rfmbdd9S5+5lEJnD5K7V+wBHkUh7VFjKtM8BVFrI9G9ul7Vx+gJZ8V7P+djKmPyV7e/Ewe8mV7I9tfyz/V7cxoZfKtYwI...

ipv4 cheat sheet