Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a public Certificate Authority, but they can also be self-signed (the certificate is its own CA) or issued by a private CA.

1327 questions
16 votes, 2 answers

How to allow RDP access based on client certificate

How can I limit (RDP) access to a Windows Server not only by username/password but also with a client certificate? Imagine creating a certificate and copying this to all computers from which I want to be able to access the server from. This would…
kcode
16 votes, 5 answers

Can I use the same wildcard certification for *.domain.com and domain.com

You can make an SSL certificate by using *.domain.com as the name. But unfortunately, this doesn't cover https://domain.com. Is there any fix for this?
Unknown
16 votes, 2 answers

Free OCSP server for testing purposes?

Can anyone recommend a free and simple OCSP server for Windows or Linux?
StackedCrooked
15 votes, 1 answer

How can I create a PKCS12 File using OpenSSL (self signed certs)

I have a bit9 server, and I'm fairly new to the environment, as well as certs. The area to upload the cert says "Import Server Certificate From PKCS12 File" I'm going to just use a self signed cert (I'm hoping it's ok with that), and I'm running…
trueCamelType
15 votes, 2 answers

Is this SSL certificate chain broken and how to fix it?

For the SSL cert on the domain example.com, some tests tell me that the chain is incomplete and since Firefox keeps its own certificate store, it might fail on Mozilla (1, 2, 3). Others tell me it is fine, as does Firefox 36, which tells me that the…
Gaia
15 votes, 2 answers

New server unable to fetch configuration from Puppetmaster due to some ssl error

Three machines in the production environment had some hardware issues and were decommissioned. The infrastructure team has reinstalled them and given them the same hostnames and IP addresses. The aim is to run Puppet on these systems so these can be…
Itai Ganot
15 votes, 3 answers

SSLCertificateChainFile Deprecation Warning on Apache 2.4.8+

We have an SSL Certificate for our website from Network Solutions. After upgrading Apache/OpenSSL to version 2.4.9, I now get the following warning when starting HTTPD: AH02559: The SSLCertificateChainFile directive (/etc/httpd/conf.d/ssl.conf:105)…
DOOManiac
14 votes, 2 answers

Outlook security alert - The name on the security certificate is invalid or does not match the name of the site

SBS 2008 running Exchange 2007 and IIS6.0 CompanyA has two other companies that operate under the same roof. To accommodate email, we have 3 Exchange accounts per user to manage this. All users use their CompanyA account to log into the…
Mike66350216
14 votes, 1 answer

Unable to generate certificate with Subject Alternate Name using Java 1.7 keytool utility

I'm having an issue generating a keypair with subject alternate name using the Java keytool utility from Java 1.7. I'm attempting to follow the instructions found here. An example of the command I'm using follows (this example has been…
Deacon
14 votes, 3 answers

How to manually create Puppet CA and certificates?

I am wondering how to manually (using openssl instead of puppet ca command) create CA that would be usable by Puppet? The goal would be to script creation of such CA's to deploy them on multiple puppetmasters, instead of certificates being created…
SpankMe
14 votes, 4 answers

OpenSSL: how to generate a CSR with interactively solicited Subject Alternative Names (SANs)?

I wish to configure OpenSSL such that when running openssl req -new to generate a new certificate signing request, I am prompted for any alternative subject names to include on the CSR. I have added this line to the [req_attributes] section of my…
Maxy-B
14 votes, 3 answers

How can I use the same key for SSH and SSL (https)

I'm trying to install the development tools for a small team, and I can't get the authentication right. Since we are a distributed team, the server is on the internet. And I'd like to have SSO+zero client configuration. So basically git over…
nraynaud
13 votes, 1 answer

What does a domain controller (DC) use a certificate for?

Everyone talks about domain controllers and that they should have a certificate installed, but at the end of the day it is optional. Once installed, what actually makes use of that certificate? My understanding is that it is at least needed…
13 votes, 1 answer

What happens to code sign certificates when root CA expires?

So far clear for me: If the code sign certificate itself expires, signed code will be verified/accepted in case it was signed with a time stamp. If not, the signed code is expired too. But what happens if my CA itself expires (root CA and thus…
13 votes, 5 answers

convert .p7b key to a .pfx

I have an SSL certificate in .p7b format that I need to convert to .pfx. If I try this through the Windows certificate management the option to export as a .pfx is disabled. Trying with openssl I have found the following two commands to do the…
DrStalker