ssl – Outlook EAS with certificate authentication

I use EAS (ActiveSync) with certificate authentication. I could easily configure this on iOS and Android. However, I can not configure certificate authentication for Outlook on Windows. I have already imported the PFX file into the Windows certificate store. Internet Explorer can access the Active Sync directory, but Outlook can still not connect. Any ideas?

dns – certificate warning when I enable DNSSEC

I registered mydomain.net (with the Google domain registration server). In the Google Settings DNS settings, I say that mail.mydomain.net should switch to the Email Cloud app (in this case, business.zoho.com, but that's probably not relevant). I used a CNAME record in the DNS domain of the Google domain.

mail CNAME 1h business.zoho.com

At first it worked smoothly, but eventually, after I enabled DNSSEC, I got a certificate error because mail.mydomain.net obviously does not match business.zoho.com. Everything indicates that DNSSEC is the culprit, but I can not be sure. Does this make sense – and what do I have to do (generally) to enable DNSSEC without receiving the certificate warning in the browser?

Certificate – Custom self-signed certificate reset to Unifi Cloud Key 2?

I set up my homelab and learned to create custom CAs and intermediate CAs for different parts of my setup. I've created a custom key and certification chain that I want to use for my cloud key. After many struggles, I learned about the following commands

java -jar lib/ace.jar import_key_cert /srv/unifi/data/custom_unifi_certificate.key /srv/unifi/data/custom_unifi_certificate.fullchain.pem
service unifi restart

I drove yesterday before work and things seem to be ok. No error, after running the commands and calling the URL of my cloud key, I realized that the given key was used. However, when I got home, it was again a self-signed Cloudkey certificate. I do not know if it was exactly like it was before, but I know it's not mine.

Does anyone know what happened and how I can get myself to stick?

mobile – Is fixing the global root CA almost the same as fixing no certificate at all?

I've seen several mobile applications that pin Global Root CAs instead of intermediate certificates / leaf certificates. Is not this at the same risk as attaching a certificate at all?

Considering the classic attack scenario for coffee shops where the owner of the network issued a certificate for his domain (*.evilcoffee.com signed by DigiCert)

If the mobile application trusts a certificate issued by Digicert, can you effectively use MiTM?
Do I miss something?

ssl – Install a certificate on a web server

I know that's a noob question.

I have a web server on a Ubuntu 16.04. I want to install a certificate on it so I can secure it with Cloudflare SSL. Everything I found online contains web server-specific instructions, but I'm not sure what software I'm using. The code I use is on GitHub. I have followed all the instructions there to get this server up and running. My server is running on AWS.

Thank you for any help you can give.

Residence – Do I need an Apostille on my Romanian birth certificate for use in Portugal?

My situation is:

  • I am an EU citizen, born in Romania
  • I live in Portugal and already have a residence permit
  • My partner (roommate> 2 years) is a US citizen born in the USA.
  • She applies for her residence in Portugal, for which both birth certificates are required.
  • I already have my Romanian birth certificate in Romanian

My understanding is:

  • The birth certificate of my partner must be translated into Portuguese and apostilled.
  • My birth certificate has to be translated into Portuguese.

My question is:

  • Does my birth certificate have to be Apostille?

I base my question on this website, which reads:

According to Regulation (EU) 2016/1191 on public documents, which came into force on 16 February 2019, an apostille (stamp of authenticity) is no longer required if public documents issued by the authorities of a Member State of the European Union (EU) were submitted to the authorities of another EU member state.

It also means:

However, the implementation of the new rules may take different amounts of time between different authorities in different Member States.

This leaves me unsure how the current situation in Portugal is.

tls – Install a PFX / SSL certificate downloaded from the server on an Android / iOS device in a React Native app?

I'm creating a React Native application that will download an SSL certificate file or PFX file from the server or a remote file store. After receiving this file, I want to install this certificate on the device so that only my app can access it. I want to use this certificate to allow secure API calls to another server that communicates with HTTPS.
I'm assuming that I should use the keyring on iOS and the keystore on Android to save the certificate, but I'm not sure if I can save a PFX with it. And how do I use it after saving for the API calls that I subsequently make?