Author Archives: TechTalk

Graph Data Structure

If you want to solve a Rubik’s cube or understand what technology google uses for its maps, this is the place for you.

Many programming problems require you to represent a non-hierarchical relationship between pairs of items. Such problems can be solved by using data structure called graph. I will discuss the concept and implementation of graphs. I will also give various applications of graphs.

We shall see the following :
– Store data in a graph
– Implement a graph
– Apply graphs to solve Programming problems

Want to make your CA Public CA

Leave a reply

If you want to make your Certificate Authority a Public CA then you have to follow the guidance from a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing.
Link to the website : https://cabforum.org/

Generate CSR with getcsr

If you want an easy and quick way to generate CSR use the link below. The CSR and Keys are generated dynamically and no information is stored or tracked.Generate CSR with getcsr

Note : This is only recommended for Development and Testing environments only. Please do not use this for Production environments. Production environments need hardware to generate the keys to meet various regulatory compliance requirements.

Resolving TLS 1.2 related issues in Windows OS

Leave a reply

Recently there was a move to implement TLS1.2. All of a sudden we started seeing lot of SSL related errors and here is the fix for those errors.

1. You can change the registry value manually (Recommended for experts)

2. Use the following patch from Microsoft.

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Certificate chaining error in Microsoft Environment.

Leave a reply

If you are using Symantec/Verisign certificate and getting errors around last quarter of 2015 then it is the result incorrect certificate chain.

This can be fixed in the following ways.
1. Obtain the intermediate certificate “VeriSign Class 3 Public Primary Certification Authority” from Symantec and import it to the “Intermediate Certification Authorities” Store.
2. Also obtain the root “Versign Class 3 Public Primary Certification – G5” certificate from Symantec and import it to the “Trusted Root Certification Authority” Store.

There is also an alternate solution available, which suggests de-activating of automatic certification updates, and importing the above certificates.

There are pros and cons of each method. So please choose the solution which suits you the best.

Incomplete FCPath

Leave a reply

If you are using Symantec/Verisign certificates and seeing the “Incomplete FCPath” error around last quarter of 2015 then it is the result incorrect certificate chain. This type of error occurs with KeyStores. The following is the recommended fix to over come the problem.

1. Obtain the intermediate “Symantec Class 3 Secure Server CA – G4” certificate from Symantec and import it to the trust KeyStore.
2. Also obtain the root “Versign Class 3 Public Primary Certification – G5” certificate from Symantec and import it to the trust KeyStore.

Make sure that the KeyStore is in correct path.

The above solution will fix the error.

Similar problem also exists for windows based servers and the solution is little different.