All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Let's Encrypt's Challenge: Creating Intentionally Broken Certificates for Testing

By

mcpherrinm

1mo ago· 6 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Pure flour-power. Hearty enough to carry you through lunch.

Score100TypeanalysisSentimentneutral

Summary

Let's Encrypt, as a Certificate Authority, faces unique challenges in testing certificate validation systems. While most tools focus on maintaining valid HTTPS certificates, Let's Encrypt needs to intentionally create broken certificates (expired, revoked, or otherwise invalid) for testing purposes. The article discusses the technical challenges of creating and maintaining test websites with intentionally broken certificates to ensure that browsers and other software properly handle certificate errors, which is essential for maintaining web security standards.

Key quotes

· 4 pulled
While many tools exist to help run an HTTPS server with valid certificates, there aren't tools to make sure your certificate is revoked or expired.
This is not a problem most people have. Tools to help manage certificates are always focused on avoiding those problems, not creating them.
Let's Encrypt is a Certificate Authority, and so we have unusual problems we need to solve.
One of the requirements for publicly trusted Certificate Authorities is to host websites with test certificates, some of which need to be...
Snippet from the RSS feed
Have you ever needed to make sure your website has a broken certificate? While many tools exist to help run an HTTPS server with valid certificates, there aren’t tools to make sure your certificate is revoked or expired. This is not a problem most people

You might also wanna read

Understanding WebAuthn credential protection policy and discoverable credentials

This article explains the WebAuthn credential protection policy, specifically how developers can use the `residentKey` option to control whe

pilcrowonpaper.com·7d ago

Website Uses Anubis Proof-of-Work System to Protect Against AI Scraping

The article explains that the website uses Anubis, a Proof-of-Work system similar to Hashcash, to protect against AI companies aggressively

wesnoth.org·1mo ago

Firefox 148 Introduces Standardized Sanitizer API for Enhanced XSS Protection

Firefox 148 introduces the standardized Sanitizer API as a security enhancement to protect against cross-site scripting (XSS) attacks. The n

hacks.mozilla.org·3mo ago

Website Blocks Old Browsers to Combat LLM Training Crawlers

A website owner explains that visitors are seeing an error message because their browsers are being blocked by anti-crawler measures. The si

utcc.utoronto.ca·3mo ago

Website Implements Anubis Proof-of-Work System to Block AI Scraping

The article explains that the website is using Anubis, a Proof-of-Work system similar to Hashcash, to protect against AI companies aggressiv

git.kernel.org·4mo ago

Website Implements Anubis Proof-of-Work System to Block AI Scraping

This article explains that the website is using Anubis, a Proof-of-Work system similar to Hashcash, to protect against AI companies aggressi

hecate.pink·4mo ago