Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
10
votes
3 answers

error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

We have online shopping site. When I am going to checkout page i am getting a error like this "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)" From the apache error log i can see some attempts to connect to…
ArunS
  • 315
  • 1
  • 5
  • 16
10
votes
1 answer

Do SSL Certs containing two wildcards work (esp. on Let's Encrypt)?

I want to include two wildcards in an SSL cert (will be) signed by Let's Encrypt: *.*.thost3.de. Will this cert match any hostnames matching that rule (e.g. example.example.thost3.de, hello.world.thost3.de), and can Let's Encrypt accept such…
Emoji
  • 201
  • 1
  • 4
10
votes
1 answer

How do you buy an SSL Certificate?

My client has been using Thawte SSL certificates for some years which has been a reasonable investment, but upon renewing the prices seemed higher (maybe they are, maybe they aren't). I've in the meantime used GoDaddy SSL certificate which are quite…
Richard Testani
  • 267
  • 1
  • 2
  • 8
9
votes
6 answers

IPv6 Address in SSL Certificate

Is it at all possible to obtain an SSL certificate for an IPv6 address, for example https://[1234:5678:9000:abcd:9876:5432:10ab:cdef]? If so, are there any examples of such usage? Assume that setting up a personal root CA and installing on devices…
huanglx
  • 213
  • 1
  • 3
  • 6
9
votes
3 answers

Let's encrypt: Remove only one hostname from certificate

I have the following certificate: # certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log Found the following certs: Certificate Name: domain.example Domains: domain.example imap.domain.example mail.domain.example…
manifestor
  • 6,079
  • 7
  • 27
  • 39
9
votes
1 answer

SSL certificate in system store not trusted by Chrome

I have a gitlab server running in our company for which I have obtained a certificate signed by our company's CA. Since I can access the site from a machine within our domain without getting SSL errors, I'm assuming, that the server is configured…
LLlAMnYP
  • 213
  • 1
  • 2
  • 7
9
votes
1 answer

Wrong password during pfx certificate import Windows(10, 2016)

I've tried to import a *.pfx certificate and I get an error about "Wrong Password". The error only appears on some systems. I've tested this on a few Windows 10 computers and on one Windows Server 2016. Windows 10 (did not work): build…
Iced
  • 111
  • 1
  • 1
  • 4
9
votes
2 answers

Can I generate a CSR file for mod_ssl on a different machine to the production box?

The production VM won't be cloned for a few days but we need the CSR file now to buy the certificate. Can I just create the private key and CSR file on my own machine, supply the CSR file to the certificate authority in order to buy the…
codeinthehole
  • 313
  • 2
  • 6
  • 10
9
votes
1 answer

What is the ~/.rnd file in openssl and how to generate a new private key with it?

When I tried to run the following command to issue a new private key, which I use to host my web app via SSL: openssl genrsa -out example.key 2048 the following error occured: unable to write 'random state' e is 65537 (0x10001) After digging out…
Blaszard
  • 352
  • 2
  • 6
  • 14
9
votes
3 answers

How can I get a Let's Encrypt certificate for a non-public facing server?

I have a private Apache server, reachable only from my LAN on port 443, with a StartSSL certificate. Since Firefox 51 was released, I cannot connect to it any longer as the StartSSL root certificate was removed from the trust store. I considered…
Calimo
  • 410
  • 2
  • 6
  • 15
9
votes
2 answers

How can I find the installation date of a certificate in Windows?

I see the valid dates and such, but I'm looking for the date the certificate was actually installed.
Aaron Stainback
  • 225
  • 1
  • 2
  • 4
9
votes
2 answers

Can I use the new free SSL/TLS AWS certificates without ELB or Beanstalk on plain EC2?

AWS just announced free SSL/TLS certificates here: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/ Mainly: SSL/TLS certificates provisioned through AWS Certificate Manager are free! and You can…
site80443
  • 113
  • 1
  • 1
  • 7
9
votes
1 answer

Can I get anSHA-256 certificate when the CSR is for SHA-1?

I've read: By default, OpenSSL cryptographic tools are configured to make SHA1 signatures. for example, if you want to generate a SHA256-signed certificate request (CSR) , add in the command line: -sha256 I was required to upgrade an existing…
joshua.paling
  • 1,225
  • 2
  • 11
  • 13
9
votes
2 answers

How to configure HAProxy for multiple SSL-Certificates

I need to configure HAProxy with two different SSL-Certificates www.example.com api.example.com Now I learned from a post on serverfault ( Configure multiple SSL certificates in Haproxy ) how to use 2 certificates, however the server continues to…
merlin
  • 2,093
  • 11
  • 39
  • 78
9
votes
3 answers

Nginx client SSL authentication

I have Nginx running purely as a proxy to a various number of web servers. One of our clients has asked us to use client certificates and has provided us 3 certificates for the 3 different machines that will connect to a webservice running on one of…
Drifter104
  • 3,773
  • 2
  • 25
  • 39
1 2 3
99 100