Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self signed (the certificate is its own CA), or issued by a private CA.

1327 questions
11
votes
4 answers

Server sent passive reply with unroutable address when connecting to FTP site with FileZilla

I get the error "Server sent passive reply with unroutable address. Using server address instead." when connecting to a FTP site (not SFTP). I have connected to this site many times, however FileZilla asked me to accept a certificate on this…
crmpicco
  • 231
  • 1
  • 3
  • 11
11
votes
1 answer

How to specify multiple root certificates for nginx client certificate verification?

For a project as part of the European Grid Infrastructure (EGI) we need SSL client certificate verification for a service running on nginx. As there are several root CAs allowed within EGI, we need nginx to check them all during client certificate…
Florian Feldhaus
  • 251
  • 2
  • 4
  • 11
11
votes
2 answers

How can I verify/read an IIS7 SSL renewal CSR with OpenSSL

I have the privilege of handling ~5 SSL CSRs per week, checking their validity before passing them off to our CA for action. I use OpenSSL on an Ubuntu machine to check that they are valid, testing things like the correct OU name, a sensible CN, key…
Jim Cheetham
  • 311
  • 2
  • 8
11
votes
3 answers

Adding Subject Alternate Names (SAN) to an existing Cert Signing Request (CSR)

Can any one tell me how I an add a number of Subject Alternate Names to an existing CSR? I'm not talking about generating a CSR with SANs or adding SANs at signing time - I know how to do both of these things. Background: The problem we have is that…
Jason Tan
  • 2,752
  • 2
  • 17
  • 24
11
votes
1 answer

certutil -ping fails with 30 seconds timeout - what to do?

The certificate store on my Win7 box is constantly hanging. Observe: C:\>1.cmd C:\>certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory…
mark
  • 725
  • 3
  • 15
  • 32
11
votes
4 answers

differences of SSL certificates?

What are differences of SSL certificates for web server, such like extended validation, Smart Seal, wildcards, single root? What certificates are appropriate for what needs?
Kazimieras Aliulis
  • 2,324
  • 2
  • 26
  • 46
11
votes
1 answer

Apache SSL VirtualHosts on a single IP using UCC/SAN certificate

I need to host several Apache virtual hosts with SSL from a single IP. Now - I understand that because SSL wraps around the HTTP request, there's no way to know which host is being requested until a public key has been sent to the client first. This…
Mikuso
  • 265
  • 1
  • 3
  • 7
10
votes
2 answers

Debian Wheezy outdated root certificates

I've ran into a strange problem where a server that's running Debian 7 won't connect to some websites using SSL. After debugging, it turns out that the root certificates for those sites are not known and therefore not trusted. The case I was…
aross
  • 103
  • 1
  • 1
  • 10
10
votes
1 answer

How to generate a pem certificate? in an easy way, for testing

A third-party app I have requires a *.pem certificate to be able to open a wss connection. How can I generate a *.pem file, keeping in mind that I need that only for testing, therefore I want an easy, not necessarily a really secure way to do…
Raj
  • 129
  • 1
  • 1
  • 6
10
votes
3 answers

LFTP: certificate common name doesn't match requested host name

Using lftp to upload files to a remote server from two computers on my network. Using the exact same code this works fine on one and doesn't work on the other. Transcripts of a problem session and a successful session are shown below. The error that…
Mausy5043
  • 1,347
  • 3
  • 9
  • 14
10
votes
2 answers

Trusted root certificate being automatically removed from store

I have a trusted third party's root certificate. I install this to the 'Trusted Root Certification Authorities' certificate store in Windows Server 2008, but it disappears from the certificate store at unknown times. What could be causing…
dan
  • 281
  • 1
  • 2
  • 12
10
votes
2 answers

Install a root certificate in CentOS 6

I know it has been already asked, but despite many hours of research I couldn't find a working solution. I am trying to install my root certificate in my server, so internal service can bind to each other using SSL. What should know about the new…
John White
  • 236
  • 1
  • 3
  • 10
10
votes
2 answers

How do I deploy an internal certificate authority?

IE7 aggressively warns about certificate failure; we have some internal sites that run over HTTPS and thus need a valid cert. We appear to have an certificate authority on the intranet that can sign SSL certs, but we have a problem: how do we mass…
jldugger
  • 14,342
  • 20
  • 77
  • 129
9
votes
2 answers

How can I find the installation date of a certificate in Windows?

I see the valid dates and such, but I'm looking for the date the certificate was actually installed.
Aaron Stainback
  • 225
  • 1
  • 2
  • 4
9
votes
3 answers

Certificate stops working after computer reboot

Got a strange issue that I just can't find any clues. We have a program (Qlikview) which talks to a remote admin service via SSL (Qlikview Server) but it uses the certificate to validate the client. The issue is happening on any client computer…
user2728476
  • 91
  • 1
  • 1
  • 3
1 2 3
88 89