Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self signed (the certificate is its own CA), or issued by a private CA.

1327 questions
0
votes
1 answer

Do I need to use the bundle-ca when generating a pfx?

I just bought a "Positive SSL certificate". The crt files and bundle-ca from the issuing company (Sectigo) arrived via email. To generate the pfx I use the "PEM TO PKCS #12" from this site https://decoder.link/converter. Is it necessary that in…
Sauron
  • 221
  • 1
  • 7
0
votes
1 answer

How to specify identity when using SSH agent?

I've got a slightly unusual use-case... I'm using SSH via certificates, (where the authentication mechanism isn't just a signature from a private key, but also presentation of a signed cert). I have many endpoints/servers and different environments…
Woodstock
  • 103
  • 1
  • 1
  • 11
0
votes
1 answer

magento installation did succeed but apache welcome page appears in frontend

I have a VPS at ionos, a centos 8 os. I have installed a LAMP, elsticsearch, rabbit etc... I have a SSL EV for my domain at namecheaped.com: ortie-bio.fr and www.ortie-bio.fr I have followed this tuto to install Magento open source 2.4.2…
cedler
  • 3
  • 2
0
votes
1 answer

Using hostname only instead of FQDN in certificate

Can a localhost's name be used on a self signed certificate and used internally for the applications running on the same localhost? I am just trying to test my applications with certificates. Forgive my ignorance I am new to deploying certs.
rooni
  • 139
  • 7
0
votes
1 answer

What keys must be preserved when migrating an email server?

I'm setting up an email server and a web server on a VPS and in the near future I will probably need to wipe and reinstall the VPS. I used certbot to set up SSL and I've got a backup of /etc/letsencrypt so I can easily move that over to the new…
Matthew Taylor
  • 5
  • 1
0
votes
1 answer

On Premise NPS server check computer account in Azure AD

I've got a Windows based NPS Radius server for authenticating my wireless clients based on device certificates (supplied by my internal CA). In my NPS network policy I have set conditions to grant access only when that the computer is a member of…
Martijn Balink
  • 3
  • 1
0
votes
0 answers

Nginx SSL configuration

I want to setup Nginx for SSL termination. All request with valid client certificates will be terminated at Nginx and request will be forwarded to backend app. I have following Nginx configuration upstream app { server app:8080; } …
roy
  • 119
  • 1
  • 2
  • 15
0
votes
2 answers

How to apply third party CA certificate and self signed certificate to azure logic app

We are using an Azure logic app to integrate a third party API service with a D365FO instance. The third party supplied us with a public CA certificate file (crt) and a self signed certificate plus key file set (crt and key) to secure the…
amigobrewbrew
  • 11
  • 2
0
votes
1 answer

How do I forward a www subdomain through DDNS and use the domain's certificate? - Ubuntu Nginx Let's Encrypt DDNS

I think I am missing something simple, but I just can't see it. I am running the latest Nginx on a home machine running Ubuntu 20.04 version 2. I have pfsense as my router/firewall running on a different machine. I have setup a DDNS…
Garet Jax
  • 115
  • 5
0
votes
1 answer

Apache SSL certificate and Private key

we've a server apache and the certificate is expired. We have an SSL Wildcard certificate issued by Sectigo. I generated the new certificate on our reseller site and we're going to upload it in the machine with apache. We didn't use the private key…
Max
  • 1
  • 1
0
votes
1 answer

Some clients can only authenticate to VPN when connecting as Administrator

I'm trying to set up users to connect to our Azure-hosted network over a VPN. All client machines are running Windows 10. The connection is installed on the client machines by directly adding the required settings to system phonebook file…
Keith Stein
  • 203
  • 1
  • 8
  • 16
0
votes
0 answers

ServerHello incomplete?

I try to configure two servers 'httpd' with TLS1.2 (Client Certificate check enabled) It works fine on one. But not on the second... I get : "unable to get local issuer certificate" I tested with the same client certificate. Conf files are…
Xtra
0
votes
1 answer

Preventing certificate export in Windows for non-admin user

Our organization is thinking to use client certificates to add a new factor in authentication for VPN. We have corporate laptops that would be pre-configured with client certificates and then given out to users. Given that, the user does not have…
Akash
  • 101
  • 2
0
votes
1 answer

Upgrading certificate template schema

I need to update one of my Active Directory Certificate Services (ADCS) certificate templates from schema v2 to v3, to support KSP providers. It seems that I can only do this by cloning the template (only then I get an option to select KSP). Is it…
StanTastic
  • 860
  • 1
  • 8
  • 25
0
votes
1 answer

Verifying Certificate is installed on all computers in an OU - Powershell

I'm trying to confirm a certain certificate is installed on all computer in the Trusted Root Certification Authority folder. This is what I have so far: $Computers = Get-ADComputer -Filter {Enabled -eq $True} -searchbase…
user615258
  • 1
  • 1
1 2 3
88 89