Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
8
votes
2 answers

Migrating puppet clients to new puppetmaster

How can I migrate our existing puppet clients to point to a new puppetmaster server? I'd rather not manually go to each client box and generate a new certificate. When trying the obvious -- rsync all the files from /etc/puppet and /var/lib/puppet to…
mrisher
  • 401
  • 1
  • 5
  • 12
8
votes
5 answers

Failed to configure CA certificate chain

I'm trying to setup SSL on fedora with apache. In my vhost... SSLCertificateFile /your/path/to/crt.crt SSLCertificateKeyFile /your/path/to/key.key SSLCertificateChainFile /your/path/to/DigiCertCA.crt I had it working fine with a self signed key,…
kron
  • 735
  • 2
  • 6
  • 8
8
votes
5 answers

Multiple wildcard names in a certificate

I would like to have a single webserver with a single certificate that hosts the following…
Zizzencs
  • 947
  • 1
  • 10
  • 22
8
votes
1 answer

What's a SSL certificate bundle?

I've just generated a SSL certificate with go daddy and I've downloaded the files: mydomain.com.crt gd_bundle.crt I'm now going to combine them but it is not clear what's the 2nd certificate is. Thanks
aneuryzm
  • 1,714
  • 5
  • 26
  • 41
8
votes
3 answers

What's the difference between: Verisign Thawte Geotrust Rapidssl certs?

Verisign owns all these certificate issuing companies: Verisign Thawte Geotrust and Rapidssl. What is the difference between them and why is the price difference so great? Update: Here are just a couple of differences I've come across: GeoTrust is…
makerofthings7
  • 8,911
  • 34
  • 121
  • 197
8
votes
4 answers

SSL connection errors from Apache

I'm running a (self-signed) SSL cert site on Apache/2.2.14 on Ubuntu 10.04, but various browsers are giving errors on half the connection attempts. Just now saw this transient error from Chrome: "Error 126 (net::ERR_SSL_BAD_RECORD_MAC_ALERT):…
Yang
  • 1,665
  • 6
  • 21
  • 35
8
votes
2 answers

SSL peer was unable to negotiate an acceptable set of security parameters

I followed section 1B of this guide to create a certificate and sign it on my own and set up Apache to use that certificate, but whenever I try to view my website securely, Firefox spits out this error: Secure Connection Failed An error occurred…
animuson
  • 279
  • 1
  • 6
  • 20
8
votes
3 answers

What minimum versions of operating systems and browsers are compatible with Google-managed SSL certificates?

Issuers of SSL certificates usually provide documentation of what minimum versions of OSes and browsers are supported by their solutions. Examples: Cloudflare Let's Encrypt However, I was not able to find such documentation for the Google-managed…
Greg Dubicki
  • 1,239
  • 1
  • 17
  • 33
8
votes
2 answers

Wildcard SSL with LetsEncrypt gives error

I want to create wildcard SSL for my website via LetsEncrypt. I followed the instruction and after running Certbot, it gives me a DNS challenge and says: Please deploy a DNS TXT record under the name _acme-challenge.db.example.com with the…
Fcoder
  • 341
  • 1
  • 4
  • 8
7
votes
2 answers

error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error

I have tried searching for this, and I have found things that are close, but I have not found anything that helps so far. I apologize in advance if this is already asked. I have a service which is behind an HTTP VIP, and that is working fine. Now I…
ashipma
  • 171
  • 1
  • 1
  • 3
7
votes
2 answers

Revoked SSL certificate

We're using Paypal SDK here: https://github.com/paypal/PayPal-NET-SDK To help handle our webhooks. We've started receiving the exceptions: PayPal.PayPalException: Unable to verify the certificate(s) found at…
Tom Gullen
  • 385
  • 4
  • 8
  • 24
7
votes
3 answers

How does HSTS handle mixed content?

I've just checked with the SSL Server Test if I implemented the SSL certificate on my server correctly. I got a grade A in their ranking but you can get an A+ if you have activated HSTS. After some seaching I found out that Google might treat HSTS…
Sr. Schneider
  • 185
  • 2
  • 6
7
votes
6 answers

How can I compare two SSL certificates?

What is the best way to compare two SSL certificates? Are there any authoritative tools? The reason I want to do this is I have 2 certificates, seemingly with the same properties, but one works and the other one doesn't. Just to be clear, I want to…
Matt
  • 1,571
  • 4
  • 15
  • 16
7
votes
1 answer

How much clock asynchronicity can secure protocols tolerate?

I've noticed that connections to a secure server got reset if time is out of sync on a server. I believe time synchronization protocols can be just as precise to the order of network latency with the external time servers, which could be as much as…
George Polevoy
  • 203
  • 2
  • 3
  • 6
7
votes
1 answer

SSL certificate working in chrome but not openssl s_client or curl

Google chromes update to version 58 started invalidating my self signed certificates a few days ago. It was complaining about missing subjectAltNames. I did some research and tried a couple of suggestions (which wouldn't work) but then found this…
Jason Joslin
  • 191
  • 1
  • 7
1 2 3
99 100