Posted by Paul Kehrer on February 22, 2009
Code signing is rapidly becoming an important part of application deployment on many platforms. On OS X it suppresses the keychain warnings when you update your application, and on Windows it can bypass numerous UAC notifications as well as the initial application launch dialog. This can (sometimes drastically) improve the customer experience and reduce friction [...]
Posted by Paul Kehrer on January 24, 2009
Sometimes there are cases when you have a separate private key/certificate pair (perhaps with an intermediate or two) that needs to be combined into a single file. This merge can be performed on the command line using OpenSSL:
openssl pkcs12 -export -in my.cer -inkey my.key -out mycert.pfx
This is the most basic use case and [...]
Posted by Paul Kehrer on January 18, 2009
Setting up a basic CA for development certificate issuance via OpenSSL is fairly simple, but most of the tutorials available online don’t show every step. This guide attempts to be as clear as possible, but if you spot anything that could use more explanation, don’t hesitate to leave a comment. If you don’t have a [...]
Posted by Paul Kehrer on December 30, 2008
This morning an important and ingenious method of compromising the chain of trust for PKI was published. Naturally the internet is in a tizzy about the implications of this break, but misinformation rules the day. SSL is in no way broken, but CAs still issuing MD5 certificates simply MUST stop as soon as possible. There [...]