Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
11
votes
4 answers

differences of SSL certificates?

What are differences of SSL certificates for web server, such like extended validation, Smart Seal, wildcards, single root? What certificates are appropriate for what needs?
Kazimieras Aliulis
  • 2,324
  • 2
  • 26
  • 46
11
votes
2 answers

4562605504:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

The certificate of my website just expired, and I bought a new (free) one from AliCloud, downloaded one server.pem file and one server.key file. Then, I use openssl x509 -outform der -in server.pem -out server.crt to create the server.crt file. Then…
SoftTimur
  • 337
  • 2
  • 8
  • 16
10
votes
1 answer

How to generate a pem certificate? in an easy way, for testing

A third-party app I have requires a *.pem certificate to be able to open a wss connection. How can I generate a *.pem file, keeping in mind that I need that only for testing, therefore I want an easy, not necessarily a really secure way to do…
Raj
  • 129
  • 1
  • 1
  • 6
10
votes
2 answers

Can the same wildcard SSL certificate be used on different IP addresses and/or boxes?

Example: Wildcard SSL certificate for *.example.com installed on two different boxes. hostEU.example.com A 60.70.80.90 hostUS.example.com A 200.210.220.240 I assume this is a perfectly valid scenario, where the actual hostnames do not reside on…
mr-euro
  • 848
  • 3
  • 14
  • 31
10
votes
2 answers

Do web Servers send the certificate chain to the Web Client?

If my web server (latest Apache) has a valid (not expired or revoked) Verisign certificate chain (root -> intermediate -> leaf/my server), then does the server send the entire(?) chain to the client? Does the web client (e.g., latest Chrome) need to…
mellow-yellow
  • 441
  • 6
  • 15
10
votes
1 answer

Generate subdomain certificate from valid wildcard certificate

Giving the nature of SSL certificates and keys which can be chained, can I (myself) generate a certificate for a subdomain based on the main domain certificate and key which are issued for wildcard subdomains? The practice here is that I have to…
Tala
  • 267
  • 1
  • 3
  • 9
10
votes
2 answers

Change Key exchange mechanism in IIS 8

We are using RSA key exchange mechanism for SSL certificate. How can I change that to DHE_RSA or ECDHE_RSA? Due to using RSA, we are getting the below warning in chrome Your connection to website is encrypted with obsolete cryptography I'm using…
Karthik
  • 217
  • 1
  • 3
  • 6
10
votes
2 answers

HTTPS warning: works on desktop, warning on mobile

I installed a wildcard SSL certificate (*.vht.com) for my work and accessing the following website in chrome (or any desktop browser) https://tours.vht.com/fsviewer3/fss2.html works, but when trying to access using iOS or android(chrome) you will…
vhtuser3
  • 103
  • 5
10
votes
1 answer

Nginx redirect from old domain to new with ssl

I am trying to change the domain name for my site from https://www.myolddomain.se/ to https://www.mynewdomain.se/ The problem is that for my old domain I forced SSL on all pages and therefore all links on google and other sites are linked with…
user246341
  • 103
  • 1
  • 1
  • 4
10
votes
2 answers

Install a root certificate in CentOS 6

I know it has been already asked, but despite many hours of research I couldn't find a working solution. I am trying to install my root certificate in my server, so internal service can bind to each other using SSL. What should know about the new…
John White
  • 236
  • 1
  • 3
  • 10
10
votes
1 answer

Utilizing an alternate CA (Like Microsoft Certificate Services) with Puppet

I'm investigating whether I can somehow make the puppet ecosystem utilize our existing Microsoft Enterprise CA rather than being its own CA. Since puppet touts that all of the system is "standard SSL", my guess is that it is completely possible to…
Peter Grace
  • 3,456
  • 1
  • 27
  • 43
10
votes
2 answers

Why does apache httpd tell me that my name-based virtualhosts only works with SNI enabled browers (RFC 4366)

Why does apache give me this error message in my logs? Is it a false positive? [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) I have recently upgraded from Centos 5.7 to 6.3, and…
Arlukin
  • 1,203
  • 6
  • 18
  • 27
10
votes
2 answers

Determine if SSL certificate supports wildcard subdomains?

Hoping this is the right stack to ask in. If not, please direct me to the correct one. I am working with a client right now, and I need to know if their SSL certificate supports wildcard domains or not. The engineers on their side aren't aware of…
Geuis
  • 637
  • 3
  • 8
  • 20
10
votes
3 answers

Is it good practice to remove the password from a ssl cert?

I have read at several blogs now that one should remove passwords from SSL certificates in order to avoid password prompts during Apache restarts. Is this true and does this pose any security risks?
giorgio79
  • 1,837
  • 9
  • 26
  • 36
10
votes
3 answers

Stunnel won't work with SSLv3 from some hosts

WARNING: SSLv3 is obsolete. Consider disabling it altogether. I'm trying to set up Stunnel to server as SSL cache. Everything was smooth, and mostly it works as designed. Then I encountered errors in log files: SSL_accept: 1408F10B:…
Sergey
  • 948
  • 5
  • 10
  • 22
1 2 3
99 100