Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self signed (the certificate is its own CA), or issued by a private CA.

1327 questions
13
votes
3 answers

IIS 7.0 - SSL certificate - renew or new?

One of my SSL certificates (simple domain verification only) is about to expire on windows 2003 IIS 7.0 server. I got better offer from another vendor, and the guys who originally issued my certificate do not want to negotiate lower prices. Anyway -…
Sunny
  • 5,834
  • 3
  • 22
  • 24
13
votes
4 answers

Add a custom certificate authority to Ubuntu

I have created a custom root certificate authority for an internal network, example.com. Ideally, I would like to be able to deploy the CA certificate associated with this certificate authority to my Linux clients (running Ubuntu 9.04 and CentOS…
rmrobins
  • 345
  • 2
  • 3
  • 7
13
votes
2 answers

Cost of getting in-house certificate authority trusted

My company has an in-house certificate authority that is currently self-signed. Since we want to start using it for external SSL and secure email to our customers, we need to get it trusted. Does anyone have a ballpark as to what it costs to get…
James Jones
  • 551
  • 2
  • 7
  • 15
12
votes
4 answers

Enable Certificate Enrollment Policy and Request a Cert using PowerShell

Right now, I'm doing the following to request a cert from a CEP server: Open gpedit.msc Under Computer Configuration > Windows Settings > Security Settings > Public Key Policies, double click "Certificate Services Client - Certificate Enrollment…
EGr
  • 609
  • 4
  • 14
  • 29
12
votes
4 answers

How do I keep the ssl key for our website confidential?

I want to keep our SSL key for our website confidential. It's stored on 2 USB sticks, one in a safe deposit box and one I keep secure. And then I'm the only one who applies it to the web server so that it is totally secure. Except... On IIS at…
David Thielen
  • 301
  • 2
  • 13
12
votes
3 answers

openssl: generate certificate request with non-DNS subject alternative names

To create a certificate request containing subject alternative names (SANs) for a host, with openssl, I can use a config file like this (snipped): [req] req_extensions = v3_req [ v3_req ] subjectAltName = @alt_names [alt_names] DNS =…
Paolo Tedesco
  • 1,296
  • 7
  • 16
  • 23
12
votes
1 answer

How to detect whether a particular cert has been installed on a Windows box?

A pre-req for a particular application deployment is that we need a particular PKI certificate installed in the Windows Trusted Publishers cert store of the PCs before installing. Is there any way to detect if a particular cert has already been…
GAThrawn
  • 2,434
  • 3
  • 20
  • 38
12
votes
9 answers

Good low-cost SSL certificate providers

We need an SSL certificate to facilitate remote access and administration by a small number of employees. I don't want to have to train a bunch of non-technical users to install a self-published cert on their home computers, so I'd prefer to…
phenry
  • 533
  • 1
  • 14
  • 24
12
votes
1 answer

How do SAN Certs degrade performance?

I have heard that when lots of names get added to a single SAN Cert (Subject Alternative Name) performance starts to degrade. Can someone explain how SAN certs are processed so I understand what causes the performance cost as names on the SAN…
Kyle Brandt
  • 83,619
  • 74
  • 305
  • 448
12
votes
1 answer

AWS installing mod_ssl on apache

I tried installing mod_ssl,I used this command apt-get install mod_ssl to install but I got an error saying unable to locate package mod_ssl. After executing the above command, I got below output Reading package list.. Done Build dependency…
user1263374
  • 133
  • 1
  • 1
  • 5
12
votes
1 answer

Unable to add certificate to the Trusted Root Certification Authorities in Windows 7

I am trying to add an apple developer certificate for sending Push notifications to my Trusted Root Certification Authorities section. I get an error like so: "The import failed because the store was read only, the store was full or the store did…
user20358
  • 221
  • 1
  • 2
  • 5
12
votes
3 answers

Can Https work without a certificate?

Recently our infrastructure team told our development team that you do not need a certificate for https. They mentioned that the only benefit of buying a certificate was to give the consumer peace of mind that they are connecting to the correct…
Mark
  • 235
  • 1
  • 2
  • 7
12
votes
3 answers

Generate self signed SSL certificate for apache

I want to create self signed certificate for the website. The old certificate expired few days ago. There are more than one NameVirtualHosts hosted on systems. The commands I am using to create certificate are taken from one tutorial website and…
Saurabh Barjatiya
  • 4,703
  • 2
  • 30
  • 34
12
votes
3 answers

How to create certificate .cer file?

I would like to work with certificates and the third part authority send me values: -----BEGIN CERTIFICATE----- [...]Many letters and digits[...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...]Many letters and digits[...] -----END…
Tim
12
votes
4 answers

How to clear (remove/delete) certificate (ssl/https) cache from chrome browser?

I lost many hours while setting up some self-signed certificates; the problem turned out to be that the browser (Chrome) cached a bad version of the certificate and then just wouldn't let go. I did lots of experimentation modifying the certificate,…
IAM_AL_X
  • 231
  • 1
  • 2
  • 5
1 2 3
88 89