Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
9
votes
1 answer

Meaning of ssl_ciphers line on nginx.conf

What is the meaning of the following line from an nginx.conf file? ssl_ciphers HIGH:!aNULL:!MD5; I know the ssl cipher is specifying which algorithm to use to secure the server communication and I'm assuming !aNULL and !MD5 is specifying to not…
nobody
  • 201
  • 1
  • 2
  • 7
9
votes
1 answer

Can't get Nginx to serve correct certificate chain

I'm trying to set up Nginx (1.4.6-1ubuntu3.1) with a StartSSL certificate. I've been following the documentation to get it working, but Nginx only serves the server certificate, not the intermediate. My server config: server { server_name…
lanzz
  • 399
  • 1
  • 2
  • 7
9
votes
3 answers

SSL certificate invalid in Chrome

For the website scirra.com (click for SSL Labs Server Test Results) Google Chrome reports the following icon: It's an EV SSL, and it seems to work fine in Firefox and Internet Explorer, but not Chrome. What is the reason for this?
Tom Gullen
  • 385
  • 4
  • 8
  • 24
9
votes
2 answers

How do I work out my certificate chain order manually?

Lets say I start with a certificate. Using openssl I can print it out like this: openssl x509 -in cert.pem -text -noout And I'll get some output such as Validity, Issuer and Subject along with Authority Key Identifier and Subject Key…
hookenz
  • 14,472
  • 23
  • 88
  • 143
9
votes
5 answers

Why is Windows 2012 R2 not trusting my self-signed certificate?

In a testing environment, I'm currently being held up from testing some things that need to be deployed soon (actually already, but you know how deadlines go...) because Windows refuses to trust the self-signed certificate we have in our isolated…
Kromey
  • 3,641
  • 4
  • 25
  • 30
9
votes
3 answers

Cannot create self-signed SSL certificate with IIS 7

I'm trying to create a self-signed certificate from within the IIS 7 snap-in, with little luck. When prompted for a friendly name for the certificate, I type in the name, and click OK, but then I am shown: There was an error while performing this…
Matt Hanson
  • 1,682
  • 1
  • 23
  • 34
9
votes
9 answers

Configured MySQL for SSL , but SSL is still DISABLED..!

I configured SSL for MySQL using the following script. #!/bin/bash # mkdir -p /root/abc/ssl_certs cd /root/abc/ssl_certs # echo "--> 1. Create CA cert, private key" openssl genrsa 2048 > ca-key.pem echo "--> 2. Create CA cert, certificate" openssl…
Sunrays
  • 128
  • 1
  • 1
  • 9
9
votes
3 answers

Why is site serving different SSL certs to different browsers?

The SSL certificate on menswearireland.com and on www.menswearireland.com works fine on Safari, Chrome, SeaMonkey, K-Meleon, QtWeb, Firefox, and Opera. However, Internet Explorer claims that there is an error: The security certificate presented by…
TRiG
  • 1,181
  • 3
  • 13
  • 30
9
votes
1 answer

Starfield Wildcard SSL Certificate Not Trusted in All Browsers

I am at a loss as to what else I might try in order to debug this issue with a Starfield Wildcard SSL Certificate. The problem is that in certain browsers (Safari or the most-updated chrome you can get for OS X 10.5.8 for example) the certificate…
Austen Cameron
  • 193
  • 1
  • 5
9
votes
5 answers

Ubuntu 12.04 LDAP SSL self-signed cert not accepted

I'm working with Ubuntu 12.04, using OpenLDAP server. I've followed the instructions on the Ubuntu help pages and can happily connect without security. To test my connection, I'm using ldapsearch the command looks like: ldapsearch -xv -H…
MaddHacker
  • 306
  • 1
  • 3
  • 9
9
votes
1 answer

How do I match a certificate file to a key file?

I have a SSL certificate that the former sysadmin was issued (crt file.) Searching the filesystem I found several .key files. How do I match the crt to the key file and confirm that they match? This is Ubuntu Server 11.10 with Apache2 modssl.
Malocchio
  • 101
  • 1
  • 5
9
votes
2 answers

How can I make apache request a client SSL certificate without needing to verify it against a known CA?

I'm using apache2 (2.2.3) to serve a site where I'd like to have clients authenticate with certificates. Since I only need to verify that a user presenting a particular certificate is the same user who has presented that certificate in the past,…
Isaac
  • 534
  • 2
  • 11
  • 24
9
votes
3 answers

openssl req -key server.key -out server.csr taking ages to complete

I am trying to generate my own self-signed ssl certificate with openssl so I can test them out on a dev server on nginx before I buy one. I have created the server.key but when I run the command openssl req -key server.key -out server.csr it just…
Oliver Bayes-Shelton
  • 366
  • 1
  • 3
  • 11
9
votes
2 answers

Does an SSL certificate work on CNAME'd urls?

Suppose I create sub domain per user, something like mysite.test.com which is secured under a wildcard ssl certificate. If I allow users to have their own custom url via a CNAME would the new url still be covered under the certificate or would I…
whatWhat
  • 529
  • 2
  • 5
  • 9
9
votes
5 answers

cURL or SSL problems, how to solve?

I keep getting this error: No cURL data returned for https://XXX.XXXX.XXX:XXXX [0] SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed I am not sure, or…
deadman
1 2 3
99 100