Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self signed (the certificate is its own CA), or issued by a private CA.

1327 questions
0
votes
1 answer

Why do i get openssl error unknown option for -adext?

I am attempting to generate CSR using openssl with subject alternative names however i get an error stating no options for adext. See command below.. I am using OpenSSL 1.0.2k-fips openssl req -new \ -newkey rsa:2048 -nodes -keyout {domain-name}.key…
eagercoder
  • 123
  • 1
  • 4
0
votes
0 answers

SSL3 decrypt error lead to openssl_handshake bad signature

I have an authentication server based on certificate. The previous roll of certificate (1 CA + 1 Server + 1 Client) worked perfectly. A few days ago the client certificate expired and I had to generate a new one. I encountered the following problem…
molik
  • 69
  • 2
  • 11
0
votes
1 answer

How does XCEP policy (XML) define SubjectType for User or Computer constraint?

We've developed our own implementation of a XCEP/CES WCF service that uses a combination of our certificate management solution and the Microsoft CA to issue the certificates. The standard XCEP XML definition is used (same as the standard Microsoft…
Carsten Kraft
  • 3
  • 2
0
votes
1 answer

Ldap service not running on Windows Server 2019

I have 2 windows server 2019. e.g. server1 and server2. server1 is the domain controller. server1 has below roles installed: ADDS, ADCS, DNS, FILE STORAGE, IIS. server2 is connected to that domain controler. server1 has below roles installed: ADCS,…
Ghansham
  • 101
  • 3
0
votes
1 answer

How does HTTPS certificate presentation work, exactly?

I'm troubleshooting an issue with a SAS vendor. To be clear, this question isn't "how do I fix it?", nor is it "what exactly is causing this problem?" -- rather, it's "how do these technologies work, such that this combination of symptoms is…
JakeRobb
  • 105
  • 6
0
votes
1 answer

How to Enable SSL for Amazon EC2 Instance(LAMP packaged by Bitnami)?

I launch an EC2 instance with an AMI from the marketplace, which is called LAMP packaged by Bitnami. After the instance is launched, I find I can only access its DNS name or IP via HTTP, not HTTPS. It seems that the SSL will not be installed by…
alancc
  • 141
  • 12
0
votes
1 answer

X.509 signed certificate validity

We are trying to generate server certificates for a cluster of Kafka servers to communicate over SSL. The procedure works, but the resulting validity of the certificates is only 30 days. We are requesting 365 days, and after "Step 1" (see below), we…
radumanolescu
  • 103
  • 2
0
votes
1 answer

Verify two pfx certificates are not the same without the password

I need to verify that two pfx files are indeed different certificates, and not the same data pasted two times. My constraints are: I don't have access to the certificate password, therefore I cannot use tools like "certutil -dump path" etc. As…
Silverman
  • 103
  • 2
0
votes
0 answers

Howto dump loaded valid ssl cert's from running nginx, which was erased from disk by mistake?

I knew about gdb. I already dump memory of running nginx process. I see all txt *.conf configs in that dump. But! howto find, convert, etc... some of memory range from that dump to valid initial and erased ssl cert? (Now I can not nither reload or…
jack j
  • 1
0
votes
1 answer

iOS 14.7.1 + Exchange 2019 - Server certificate no longer trusted

After upgrade to iOS 14.7.1 I am no longer able to sync my email/calendar/contacts with company Exchange 2019. Our Exchange uses certificate issued by our enterprise CA and these seem to become untrusted after the upgrade to iOS 14.7.1. I tried…
LiBRo
  • 1
0
votes
0 answers

How to configure Windows to execute only .exe with certificate signing?

I want to run (on a certain computer with Windows 10) only those exe. files, who signed by certificates, which installed on the computer (it can be certificates from CA or my own test certificate). I already tried this solution (and many…
Eugene Afanasovich
  • 1
  • 2
0
votes
1 answer

What if you give a certificate without domain authentication?

I know that domain authentication is required to get a certificate for HTTPS. But I really don't know why this is needed. Can't you just give a certificate without domain verification? What happens if I just give the certificate? Are there any…
user783741
  • 13
  • 2
0
votes
1 answer

What was the reason for dns validation?

I got a certificate from AWS and did dns validation in the process of https communication. But I'm not sure why you are doing that verification. To use the domain, I got a domain from a hosting company and registered it on route53. Isn't this…
user783741
  • 13
  • 2
0
votes
1 answer

CLIUSR certificate expiration

I have an Exchange 2019 DAG and the CLIUSR certificate (clusinfracert) will expire soon. I have extensively researched this and there are very few resources online that address this certificate. There is nothing to 'try', it's either manually renew…
meetooR
  • 1
  • 1
  • 1
0
votes
1 answer

Installing a PFX with bundle-ca included, do I still have to install the ca-authority in root?

I have a Windows web server, and usually I install the ca-authority in "LocalMachine\Root" and the intermediary PFX certificate in "LocalMachine\My", everything works well. Now I wonder, if during the PFX certificate generation I include the…
Sauron
  • 221
  • 1
  • 7
1 2 3
88 89