Getting an ECC Certificate from InCommon

I work at a University that is a member of InCommon.  One of the benefits of joining InCommon is getting access to an unlimited number of TLS (SSL) certificates (including EV, client, and code-signing certs).  I recently decided that, instead of a traditional RSA cert, I wanted to get an ECC certificate.  In this post, I explain how to use OpenSSL to generate an ECC certificate request, in a way that InCommon (and COMODO) will accept.

Continue reading

Finding (and Trusting) the DoD Root CAs in macOS

Recently, I wanted to read about the NSA’s Commercial National Security Algorithm (or CNSA) Suite, which is their replacement to the Suite B algorithms.  The web site for the CNSA Suite is https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm, but if you go there now on a Mac, you’ll probably get a security warning.  The reason is, this web site uses a certificate issued by the DoD, and I didn’t have them installed.  How did I get them installed?  Read on!

Continue reading