Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
9
votes
3 answers

Why does a web server's public key certificate have to be signed by a certificate authority?

In other words, what would be the security risk of not signing public key certificates by certificate authorites (from a user perspective)? I mean, the data is still encrypted... What could a man in the middle do with a non signed certificate?
Olivier Lalonde
  • 753
  • 3
  • 13
  • 20
8
votes
2 answers

Which ssl certificates go where on an reverse proxy? - nginx

Need clarification for upstream SSL on an nginx reverse proxy server I've been reading the nginx docs regarding reverse proxy and securing ssl connections to upstream servers but I'm still confused about which ssl certificates go where. Many of the…
Altimus Prime
  • 364
  • 2
  • 7
  • 22
8
votes
1 answer

Self signed ssl I created for localhost cannot be trusted even though I have already imported it to chrome

I am creating https server side that I am using to practice OAuth to Instagram which requires https. I generated a certificate using ssl by running the script from the following link:…
alexW
  • 81
  • 1
  • 2
  • 4
8
votes
2 answers

Is It OK to Use AD Issued Computer Certificates for IIS?

I'm using AD-Certificate Services to issue computer certificates to domain joined Windows computers(both servers and workstations). These certs are obtained via the auto-enroll process defined by Active Directory. My question is: if these computer…
aaron
  • 81
  • 4
8
votes
2 answers

SSL certificate and Azure classic load balancer

I have 2 VMs behind a load balancer on Azure. I created a new SSL certificate via Let's Encrypt on one of the VMs using the domain that is assigned to the load balancer. When I connect to that VM directly via IP I see the certificate loaded, but I'm…
Vedran
  • 183
  • 1
  • 1
  • 5
8
votes
2 answers

How do I issue multiple certificates for the same Common Name?

I am creating a Certificate Authority for an intranet. I have generated a root and intermediate CA and successfully signed a server certificate using the intermediate CA. The server certificate has CN=mysite.com. In the future this server…
spraff
  • 549
  • 4
  • 8
  • 18
8
votes
1 answer

Use LetsEncrypt certs with Neo4j

How can one use the certificate files generated by LetsEncrypt together with a Neo4j instance? The files generated by LetsEncrypt are: cert.pem chain.pem fullchain.pem privkey.pem I've tried conversion via OpenSSL with no luck so far, using…
Michael Johansen
  • 233
  • 1
  • 2
  • 12
8
votes
10 answers

Using Lets Encrypt certificates with openLDAP

I've been running an openLDAP server for several months now and we use it to authenticate for a number of applications. A previous staff member set up the server and it doesn't seem to be a standard installation but it's pretty…
shaneoh
  • 414
  • 3
  • 7
  • 19
8
votes
1 answer

IIS 8 - Default SSL Site Breaks SNI

We have the following scenario in testing SNI on Windows Server 2012 R2 with IIS 8. Domain names and IP addresses listed below are fake and for example only. WEB SITE NAME IP ADDRESS Host Name/Header (SNI) Certificate…
Beems
  • 294
  • 3
  • 11
8
votes
3 answers

CA Certificate not trusted by Firefox

My domain bytecode77.com (analytics) is using a RapidSSL certificate. Firefox doesn't trust that one, so I installed a CA certificate. I used the one below. I placed it in /usr/local/share/ca-certificates/ca.crt and I ran update-ca-certificates.…
bytecode77
  • 253
  • 4
  • 11
8
votes
2 answers

Creating sub certificates from a root certificate (SSL)

If I purchase a signed certificate for example.com, can I then produce sub-certificates for a.example.com and b.example.com? These sub-certificates would have PEM files whose privacy cannot be assured. Can I do this, maintaining the privacy of the…
chrism2671
  • 2,579
  • 9
  • 34
  • 45
8
votes
1 answer

nginx: No client certificate CA names sent

I have nginx and want it to verify client certificates. So I bought commercial certificate for server, and non-commercial for clients. Basically I've generated client certificates with easy-rsa scripts. Connecting with client certificates validation…
adontz
  • 337
  • 5
  • 12
8
votes
2 answers

Apache's deprecated SSLCertificateChainFile directive (AH02559)

Recently I've upgraded Apache from 2.2 to 2.4 and I cannot figure out how to deprecate a SSLCertificateChainFile directive. The error: me@jessie:~$ sudo apache2ctl configtest AH02559: The SSLCertificateChainFile directive…
Neurotransmitter
  • 468
  • 1
  • 6
  • 17
8
votes
4 answers

OpenSSL cannot convert PKCS12 exported from Cisco ASA 55xx

I have exported an existing certificate+key from an ASA 5510: asa5510(config)# crypto ca export MYTRUSTSTORE pkcs12 MYPASSWORD Saved the output in a file (vpn-cisco.pkcs12), and now I am trying to pull the cert and the key into separate files like…
dyasny
  • 18,802
  • 6
  • 49
  • 64
8
votes
1 answer

How to add an existing key to the certutil key database

I have created an SSL keypair with OpenSSL. I uploaded the Certificate Signing Request to my SSL Certificate provider and got my certificate files. I added my certificate and the required CA certificates to the certificate database using certutil.…
Steven Roose
  • 185
  • 1
  • 1
  • 6
1 2 3
99 100