Questions tagged [certificate]

Certificates are a Public Key and Identifying Information

Within public key cryptography (such as that used in SSL and TLS), you have both a private key (that you keep secret), and a public key (that you share widely).

In order to avoid MITM (Man In The Middle) attacks, rather than publishing just the raw public key, you normally share a Certificate. The Certificate contains your public key, along with information identifying you (such as the hostname of your website, and your organisation). The identifying information is authenticated by a Certificate Authority (CA), and can be used to ensure you're talking to the right person.

Certificates are normally issued by a Public Certificate Authority, but they can be self-signed (the certificate is its own CA), or issued by a private CA.

1327 questions

6 votes, 1 answer

How to use rootcert.pem certificate with curl?

I have a file/certificate in the following format: rootcert.pem. How do I use this certificate with curl?
Bdfy

6 votes, 1 answer

openssl certificate chain lost when converting from pem to der

I have a certificate chain in .pem format from Letsencrypt, called fullchain.pem. It has 2 certificates in the chain: keytool -printcert -v -file fullchain.pem |grep "Certificate fingerprints" |wc -l 2 When I convert it to .der using openssl x509 -in…
ArticIceJuice

6 votes, 2 answers

Is it possible to generate openssl configuration file from an existing x509 certificate?

I am looking for a way to restore openssl configuration from an X509 certificate (or a csr). I know it's possible to look at the certificate and manually reconstruct the config file but it's unreliable and requires too much labor :P. Any…
cyc115

6 votes, 0 answers

The revocation function was unable to check revocation because the revocation server was offline

I have a chain of certificates: MYROOTCERT -> MYCHILDCERT. The MYCHILDCERT certificate has a CRL distribution point extension: [1]CRL Distribution Point Distribution Point Name: Full Name: …
username

6 votes, 2 answers

Need help setting up Google Cloud Directory Sync with AD using secure LDAP

I wanted to see if anyone else has set up a Google Cloud Directory Sync (GCDS aka GADS) with their Active Directory over secure LDAP (LDAPS). We've been syncing over port 389 and I'd like to encrypt that connection, but when I switch to port 636 the…
Mike

6 votes, 1 answer

Set Nginx https (on port 443) without the certificate?

I tried to follow up this thread as much as possible but I am always getting this message: This site can’t be reached example.com unexpectedly closed the connection. Try: Checking the connection Checking the proxy and the…
prosti

6 votes, 1 answer

Which browsers and OSes support ECC based SSL certificates?

We are evaluating whether to buy an RSA based certificate or an ECC based certificate. RSA is older and is supported by all browsers. ECC is newer, they state it is faster due to requiring a smaller key for a similar security etc. Unfortunately, I could…
alik

6 votes, 4 answers

How do I request a certificate from CEP / CES on a Microsoft CA on OSX or Linux?

This article describes how to request a certificate from AD CS (Active Directory Certificate Services) from a non-domain joined Windows computer. I would think the same principles apply to non-Microsoft OSes, and it's possible to do the same…
makerofthings7

6 votes, 1 answer

Can I use both RSA and ECC certificates in apache?

If I simply use "SSLCertificateFile" and "SSLCertificateKeyFile" twice, the certificate chain is broken for the first one. Can I use both RSA and ECC certificates which are issued from different intermediate CA certificates? ================== Update:…
lizitian

6 votes, 1 answer

How can I install a client certificate for all users of a computer?

I have a PFX file (.p12) that is needed to allow access to a remote web page. Double-clicking on this file and following a few prompts easily adds the certificate to a personal store, but this only works for the currently logged-in user. I want to…
NReilingh

6 votes, 2 answers

OS X Not Trusting Thawte Primary Root CA - G3

We recently renewed our Nginx webserver's Thawte SSL certificate. Previously we'd been using SHA1 as the signing algorithm, but this time used SHA256 which leads to a new root certificate known as "thawte Primary Root CA - G3" (this can be found on…
David QC

6 votes, 2 answers

Limit on X509v3 Subject Alternative Name DNSname length

I have been searching through RFC 5280, 1034, and 1123 trying to figure out what a max string length is, but I can't find it. I'm wondering if any of you happen to know. For those of you who know about X509v3 certificates, you know that you can…
John Ruiz

6 votes, 1 answer

Does Apache need to know about intermediate certificates for client authentication?

I have the following hierarchy of certificates. And I need to do a client authentication on Apache. . └── root (CA) - self signed ├── intermediate 1 (CA) | ├── client1 | ├── client2 └── intermediate 2 (CA) ├── client3 …

6 votes, 3 answers

500 OOPS: SSL: cannot load RSA private key vsftpd

I'm configuring vsftpd on debian 7.3, I'm trying to use ssl. I generate the certificates using this command: openssl req -x509 -nodes -days 1925 -newkey rsa:2048 -keyout /etc/vsftpd/private/vsftpd2.key -out /etc/vsftpd/certificado/vsfptd3.pem And…
user2568422

6 votes, 1 answer

What does this intention with lots of numbers mean in a SSL certificate?

I was looking at this site, and out of interest, I was having a look at the certificate in Chrome 32, on Windows 8.1, and I had a look at the certificate. I saw this really strange intention, Apart from the usual: Ensures the identity of a remote…
George