Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

To avoid man-in-the-middle (MITM) attacks, you normally share a certificate rather than publishing just the raw public key. The certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right party.

Certificates are normally issued by a public Certificate Authority, but they can be self-signed (the certificate is its own CA), or issued by a private CA.

1327 questions
7 votes, 1 answer

How does one forward a client authentication certificate through HA proxy while terminating TLS?

I have a web API fronted by an HA Proxy load balancer. The web API uses client authentication certificates for identity authentication and authorization. I'd like the HA Proxy appliance to terminate the TLS connection and use normal HTTP on the…
Matt Hamsmith
7 votes, 1 answer

Purpose behind subordinate Certificate Authorities

At my place of employment, we are setting up a PKI infrastructure using Microsoft products. We have a totally clean slate here and want to have a good start. We're wondering why anyone would set up subordinate CAs. Why not use the root CA for…
7 votes, 2 answers

NGINX SSL: error:0200100D:system library:fopen:Permission denied

I have been stuck on this for ages and I'm hoping someone can offer some advice. Trying to install a new SSL certificate on a site. On running nginx -t I get the following error: nginx: [emerg]…
Craig
7 votes, 3 answers

Does a CA require a full-time administrator?

At my place of employment, we have skated by over the years without having an internal Certificate Authority. This has worked for us because there was no visible impact by not having trusted entities. However, it seems now that this trend has…
James Jones
7 votes, 2 answers

Have both Hostname and FQDN in SSL Certificate on IIS

I've been searching here, TechNet and Google but haven't been able to find an answer to my question yet. I have a website running on IIS 7, Server 2012 R2. The IIS serves as an access to our Citrix farm. Connecting using https, I have created an SSL…
7 votes, 1 answer

OCSP stapling with nginx

I'm having trouble with OCSP stapling in nginx. So I start up the openssl ocsp daemon, and then I visit my site. Then it says Invalid request. I am using a private PKI and CA. SSL key: 8192bit DH key 2048bit root@wilhelm:/etc/ocsp# openssl ocsp…
7 votes, 3 answers

Trying to install SSL: Private key does not match certificate

I am trying to reinstall SSL on a domain where the previous certificate expired. I have removed the old certificate and I am attempting to install the new certificate I purchased from NameCheap in Web Host Manager per these instructions:…
alan
7 votes, 1 answer

HTTPS and trailing dot in domain

Is it possible to solve the scenario where a web server is served behind HTTPS, and must be accessible both with www.domain.com and www.domain.com.? And notice the trailing dot. An example for all: GitHub. The certificate of course is for github.com…
7 votes, 3 answers

802.1x automatically validate certificate in windows clients

We're deploying a wireless network using Windows Server 2008 NAC as a RADIUS server. When Windows XP or 7 clients connect they initially fail to connect. In order to enable the client to connect we have to add the network manually and un-check the…
Jona
7 votes, 4 answers

Have I messed up buying the wrong SSL certificate for my domain?

I have just purchased an SSL certificate from Go Daddy. I set up the certificate to be: www.mydomainname.com (I changed the domain as you can tell.) I set up Apache and it is working. So when I type https://www.mydomainname.com it all…
Peter Delahunty
7 votes, 2 answers

How to create self signed wildcard (*.example.com) certificate

I'm trying to install Dynamics CRM 2011 RC and configure it for Internet Facing Deployment. One of the requirements for this is a wildcard SSL certificate. Since I'm installing a development/testing server, I don't have a budget for a real certificate.…
David Vidmar
7 votes, 3 answers

Can I use a trusted CA certificate on multiple sites?

Are there any technical/legal/contractual limitations to using a CA certificate on multiple sites that are running on a single machine? multiple machines? Or are the certificates to be used on a per site basis?
Joseph
7 votes, 4 answers

Apt-Get Update Failing because of Certificate Validation

Using Ubuntu Focal Fossa. I was trying to install a checkpoint ssl software for VPN, but it seems like something messed up all my certificates. Now whenever I try sudo apt-get update I get the following errors. Get:1…
Della
7 votes, 2 answers

How to protect an SSL certificate (Apache/CentOS)

I currently use a server SSL certificate without a pass-phrase in order to allow Apache to start up unattended. There are signs from customers to require us to protect the SSL certificate more securely. I'm not sure yet what they are aiming for, but…
Capt. Crunch
6 votes, 1 answer

How to renew VMware certificate in Veeam

I had to reinstall the vCenter appliance. Since then the Veeam backup jobs fail with the error: Task failed error: The remote certificate is invalid according to the validation procedure. Presumably the certificate was renewed. How can I import it?
NewUser