Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self-signed (the certificate is its own CA), or issued by a private CA.

1327 questions
9 votes, 1 answer

Can't get Nginx to serve correct certificate chain

I'm trying to set up Nginx (1.4.6-1ubuntu3.1) with a StartSSL certificate. I've been following the documentation to get it working, but Nginx only serves the server certificate, not the intermediate. My server config: server { server_name…
lanzz
9 votes, 2 answers

How do I work out my certificate chain order manually?

Let's say I start with a certificate. Using openssl I can print it out like this: openssl x509 -in cert.pem -text -noout And I'll get some output such as Validity, Issuer and Subject along with Authority Key Identifier and Subject Key…
hookenz
9 votes, 3 answers

How are Windows MachineKey Container File Names Derived?

In the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys directory there's an enumeration of Key Containers. The naming convention is _ and I presume the to be a machine identifier. Ultimately I want to be able…
Colyn1337
9 votes, 5 answers

Why is Windows 2012 R2 not trusting my self-signed certificate?

In a testing environment, I'm currently being held up from testing some things that need to be deployed soon (actually already, but you know how deadlines go...) because Windows refuses to trust the self-signed certificate we have in our isolated…
Kromey
9 votes, 4 answers

Is it ok to use self-signed certificates for smtp transport?

By "by ok to use" I mean: are MTA agents receiving emails from my server going to reject my email if not, are they going to make other kind of bad treatment for my emails (marking as spam, unsafe and so...)? ...or is it just better idea to stick…
Miloš Đakonović
9 votes, 3 answers

Cannot create self-signed SSL certificate with IIS 7

I'm trying to create a self-signed certificate from within the IIS 7 snap-in, with little luck. When prompted for a friendly name for the certificate, I type in the name, and click OK, but then I am shown: There was an error while performing this…
Matt Hanson
9 votes, 1 answer

OpenVPN certificate removal and connecting with no certificate file on server

I've run into a problem, that I removed certificate files from the server. But client that has these files can still connect. I've found out, that I should revoke the certificate and that this can be done by changing line with that certificate…
tymik
9 votes, 2 answers

Https for embedded devices, local addresses

I am trying to add https to the embedded devices I am working on. These devices are generally assigned local ip addresses and so cannot get their own ssl certificates. So essentially my question is how does one get a certificate for a device without…
Shiftee
9 votes, 3 answers

Self generate SSL Certificate for IIS6?

Hi guys, is it possible to create your own SSL cert for IIS 6? If so, does anyone have a link to a good guide on the web? Thanks! John
John
9 votes, 5 answers

Ubuntu 12.04 LDAP SSL self-signed cert not accepted

I'm working with Ubuntu 12.04, using OpenLDAP server. I've followed the instructions on the Ubuntu help pages and can happily connect without security. To test my connection, I'm using ldapsearch; the command looks like: ldapsearch -xv -H…
MaddHacker
9 votes, 2 answers

How can I make apache request a client SSL certificate without needing to verify it against a known CA?

I'm using apache2 (2.2.3) to serve a site where I'd like to have clients authenticate with certificates. Since I only need to verify that a user presenting a particular certificate is the same user who has presented that certificate in the past,…
Isaac
9 votes, 2 answers

Can't get my SSTP VPN to work due to a certificate issue

I am trying to create an SSTP VPN on my Windows Server 2008 R2. I installed the Network Policies and Access Service and the AD Certificate Authority service, created my root certificate and generated a Server authentication certificate (named with…
Kedare
8 votes, 1 answer

Generate CSR including certificate template information with OpenSSL

I'm generating a CSR with OpenSSL using the following configuration file: [ req ] default_bits = 2048 default_keyfile = usercert.key distinguished_name = req_distinguished_name attributes = req_attributes prompt …
Chris
8 votes, 1 answer

My GoDaddy! certificate is not trusted by iOS devices but it is trusted by Android and Windows devices

I’ve deployed some Radius servers (Windows Server 2012 R2 with NPS). They use PEAP-MSCHAP-V2 for authentication with a SAN Go Daddy Certificate. They are deployed in order to handle Wi-Fi connections. The certificate works with all my devices…
user378997
8 votes, 2 answers

How do I issue multiple certificates for the same Common Name?

I am creating a Certificate Authority for an intranet. I have generated a root and intermediate CA and successfully signed a server certificate using the intermediate CA. The server certificate has CN=mysite.com. In the future this server…
spraff