Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a public Certificate Authority, but they can be self-signed (the certificate is its own CA) or issued by a private CA.

1327 questions
0 votes, 1 answer

TLS Cert for unknown IP (shippable software)

I am writing a distributed application that will be sold to multiple customers and hosted on premise. This application operates as a distributed system where many of the same applications communicate with each other over HTTPS as RESTful…
0 votes, 1 answer

Issue certs with Windows CA?

I recently installed AD cert services. Right now everything in my home network is using certs issued by my firewall. On the firewall, I can sign CSRs, I can simply create certs and define the lifetime, etc. My question is, is there a way on a…
0 votes, 0 answers

Resources using a successfully issued (I think?) ACM Certificate produce net::ERR_CERT_AUTHORITY_INVALID when accessed

We're using an ACM certificate to afford custom CNAMEs in a CloudFront Distribution and an API Gateway API. This was working correctly until we recently moved the creation and assignment of this certificate away from a manual process, into an…
0 votes, 1 answer

number of crl certificate(s) or pem certificate(s) present in p7s file

Q. How can we find out the number of CRL files or number of PEM files that can be generated from a P7S file? I understand (from here) that the data that is contained in a P7S file is nothing but the encoded (in ASN1, DER format) data of PEM…
csavvy
0 votes, 2 answers

Opening port securely

I'm operating a webapp that should be accessible only to a small number of people equipped with tablets. It is served on port 80 of a server that is on our local network behind the ISP router. The question is: how can I ensure access to authorized…
Biologeek
0 votes, 1 answer

Open SSL Error on Windows 10 - Converting a signed CSR from PEM to CRT

I am attempting to create an IPSec VPN connection with x.509 cert authentication for users. What follows is a test to get things going and isn't a secure implementation. I will get a certificate from a trusted source when I get this working, in the…
S4M8
0 votes, 0 answers

Local Domain LDAP certificate

I'm really new to certificates. I had a Windows Server 2012 R2; we did an in-place upgrade from 2008 R2. Let's call that ADServer. It was the AD DC and everything was fine. I bought new servers and added them to the domain as AD DCs and AD…
Vdub
0 votes, 0 answers

Apache 2.4 forced Forbidden when client certificate fails

In our case we are migrating sites from Apache 2.2 to 2.4, and following a lot of tips from this documentation: https://httpd.apache.org/docs/2.4/upgrading.html But it is still not working fine redirecting the users to our 403 page ErrorDocument when cancel the…
0 votes, 1 answer

powershell signed script does not run in different domain

So I managed to sign a PowerShell script using this nice tutorial: https://www.darkoperator.com/blog/2013/3/5/powershell-basics-execution-policy-part-1.html I have one script signed and it works fine everywhere, even in other domains. Today I used the…
Vitas
0 votes, 1 answer

Strongswan 5.7.x not sending intermediate certificate

I am attempting to use a Let's Encrypt certificate on my strongSwan server, but I also see this behaviour with my own internal CA. When trying to connect from a Windows 10 host to a strongSwan instance, the Windows host displays one of its…
0 votes, 1 answer

apache2.4 with vhosts & TLS certificates: certificate for wrong vhost presented

I operate a server hosting multiple virtualhosts with apache2.4. A newly hosted domain (https://www.yachtenwelt.de) is correctly using the respective TLS certificate. In addition, I have to ensure that the user gets redirected to exactly this domain…
DHopf
0 votes, 0 answers

Investigate private key corruption in certificate store

I have more and more cases (let's say, 5-10 per day) in my organization (100k+ PCs) where people suddenly can't connect to VPN, and the reason is because the private key of their certificate no longer exists. What's interesting, when you open the…
StanTastic
0 votes, 1 answer

Unable to log in to FreeIPA web ui - “Login failed due to an unknown reason.”

I have a few-months-old FreeIPA installation. However, lately when I came back to continue my administration with the IPA server, I cannot log in to it. DNS is working in my private network without problem, even though I cannot log in to the IPA system. I'm using…
matsukan
0 votes, 1 answer

kubelet certificate manager failure after certificate rotation

Today our lab k8s cluster stopped allowing work on the cluster. When I dug in, it was because the certificates expired. I regenerated the certs and configs but when I restart kubelet, we still get connection refused to the apiserver. The apiserver…
Jim
0 votes, 1 answer

How to find Win 10 RDP/NLA Certificate

I want to confirm that the RDP certificate on the remote Win 10 machine matches what the client is using in case of MITM attacks - how do I do this? So far other answers I have seen do not point me to the location of the same certificate as the one…
Bastion