Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
12
votes
2 answers

Install existing SSL certificate on Dell iDRAC7

I've got some servers with iDRAC7 Enterprise and I want to add my existing wildcard SSL certificate for my domain so that when I load the iDRAC webpage I get a valid certificate. I've tried the "Upload Server Certificate" option but I can't seem to…
thelsdj
  • 830
  • 1
  • 12
  • 25
12
votes
1 answer

How do SAN Certs degrade performance?

I have heard that when lots of names get added to a single SAN Cert (Subject Alternative Name) performance starts to degrade. Can someone explain how SAN certs are processed so I understand what causes the performance cost as names on the SAN…
Kyle Brandt
  • 83,619
  • 74
  • 305
  • 448
12
votes
1 answer

ssl client cert verification fails in nginx

I am trying to setup ssl client authentication in nginx. I crated a self-signed root CA. Using that, I created a sub-CA. I used this sub-CA to create a certificate for a client. I concatenated the sub-CA and the root CA into a new file. I verified…
Shawn J. Goff
  • 415
  • 5
  • 13
12
votes
2 answers

SSL certificate for website - no legal company name?

I am launching my own social website and need SSL for the user login section. To get the SSL they require the CSR key, which requires an organization name, and this name it is mentioned should be legally registered in your state. I don't have a…
Mike
  • 121
  • 1
  • 1
  • 3
12
votes
1 answer

What is the 'cacert.pem' and for what to use that?

I am developing a web application on localhost with domains and sub-domains and I would like to use a HTTPS connection. On my Mac OS, in order to enable SSL, I need to set Apache correctly, so I followed some guide to accomplish part of that. Now it…
user65567
  • 671
  • 2
  • 6
  • 9
12
votes
7 answers

Installing SSL Certificate for use in IIS7, installation "works", but cert listing disappears

Windows Server 2008 R2, IIS7. We have an SSL cert from Go Daddy. It's a wildcard cert, so it will work across subdomains (e.g. *.domain.com). I followed the instructions located at…
Matt
  • 3,241
  • 9
  • 30
  • 33
12
votes
3 answers

Distributing SSL Certificates to All Browsers in an Active Directory Environment

I've generated a single self-signed SSL certificate (that expires in 5000 years). The purpose of the cert is to simply encrypt the https traffic of a trusted deno application that is accessed by a variety of web browsers on multiple corporate…
LonnieBest
  • 1,510
  • 4
  • 22
  • 39
11
votes
3 answers

Can I use Public-Key-Pins with LetsEncrypt?

Can I setup Public-Key-Pins when I setup a cronjob to renew the LetsEncrypt certificate every 30 days? If the certificate is renewed then the Public-Key-Pin is also renewed right?
Bob Ortiz
  • 444
  • 4
  • 21
11
votes
2 answers

openssl - What is the public key default MD

In openssl.cnf default_md (use public key default MD) is set to default. How can I find out what the default is without generating a certificate? Is there a file I can check where it lists the default?
abalone
  • 211
  • 1
  • 2
  • 5
11
votes
2 answers

How can I set up Certificate Transparency if my CA doesn't support it?

I think many of you have actually heard of Google's Certificate Transparency initiative. Now the initiave involves a public log of all certificates issued by some CA. As this is some amount of work, not all CAs have set it up yet. For example…
SEJPM
  • 367
  • 5
  • 16
11
votes
3 answers

How do I connect to an OpenVPN server and dump the certificate chain presented when connecting?

My first thought was to use something like openssl s_client but this only supports TCP not UDP and it seems there requires some special magic to get TLS over UDP working, how do I interface with that and get a dump of the certficate chain presented?…
Shelvacu
  • 373
  • 1
  • 2
  • 15
11
votes
1 answer

Find out how many browsers reject SSL certificate

I'd like to find out how many browsers reject our SSL certificate when making HTTP requests to our webserver. We're using a free CA which now seems to be recognised by most modern browsers, but I'd like to get some numbers without exhaustively…
Matt
  • 645
  • 1
  • 7
  • 14
11
votes
4 answers

Keytool SubjectAlternativeName

I'm trying to get the certificates just right for our Jira/Confluence deployments in house. People access them differently, either from the hostname or the FQDN. I'm using Java 7's keytool so I have access to the server alternate name…
Tawm
  • 193
  • 1
  • 1
  • 11
11
votes
1 answer

certutil -ping fails with 30 seconds timeout - what to do?

The certificate store on my Win7 box is constantly hanging. Observe: C:\>1.cmd C:\>certutil -? | findstr /i ping -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory…
mark
  • 725
  • 3
  • 15
  • 32
11
votes
3 answers

SSL certificate for a public IP address?

I just tried buying a Comodo Positive SSL but it was rejected due to not supporting a public IP address, but instead they only support a domain name. Does anyone know any SSL certificate provider that supports public IP address instead of a domain…
hsym
  • 1,003
  • 3
  • 14
  • 26
1 2 3
99 100