Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
7
votes
4 answers

In theory, could a CA make a certificate that is valid for arbitrarily long?

In other words, could a CA issue a certificate that expires in 2 millennia, for example?
jcao219
  • 173
  • 1
  • 4
7
votes
3 answers

Does Azure support UCC/SAN SSL Certificates?

I have an Azure Web App that has 15 domain names associated with (i.e. all domain names map to the same application). I need to provide SSL for all 15 domains, pointing to the same Web App. My observations so far: Conventional SSL binding requires…
Simon Ordo
  • 171
  • 1
  • 2
7
votes
6 answers

Difference between wild card SSL

I have deployed SSL certificates on various websites however this wildcard SSL certificate is totally new to me. I have question that If I am buying a SSL certificate *.example-private.com, Will it work for *.staging.example-private.com Or Do I have…
Shailesh Sutar
  • 1,517
  • 5
  • 23
  • 41
7
votes
4 answers

Why does OpenVPN give the error: "unsupported certificate purpose" for an intermediate certificate?

EDIT: I'm really sorry to have to say that the problem has magically fixed itself and I have no idea why. In response to one of the answers, I removed all EKU from the CA chain and it didn't work. After coming back from vacation, I created the cert…
succulent_headcrab
  • 387
  • 2
  • 6
  • 12
7
votes
3 answers

SSL Certificate on Load balancer or server

I have a load balancer distributing traffic between two servers, the public facing urls are all https prefixed. I want to generate a wildcard ssl certificate but I am not sure if is better to place it in the load balancer or in the two servers?…
David Garcia
  • 235
  • 2
  • 3
  • 10
7
votes
3 answers

Let's Encrypt -- "DNS ... query timed out looking up CAA for ..."

I have been using Let's Encrypt on a few domains for a couple of months now, and it generally has been working. I was going through renewing the certs, and for one of the domains I get the following error message (in the returned JSON object at…
Michael
  • 231
  • 2
  • 8
7
votes
2 answers

SSL Cert for one domain and multiple IPs

I have a question about SSL certs and multiple servers. Question: I have one cert, one domain name and I have many servers that hold my website code. Example.com can point to IPs 192.168.1.1, 192.168.1.2,192.168.1.3, and 192.168.1.4. one for USA…
Kevin
  • 223
  • 3
  • 7
7
votes
1 answer

Is is possible to disable Certificate Transparency (audit log checking) of certificates in Chrome?

We utilize HTTPS deep packet inspection in our firewall via a trusted root certificate in the Windows certificate store. Chrome recently pushed forward with a feature to perform additional checks on certificate issuance called Certificate…
brandeded
  • 1,845
  • 8
  • 32
  • 50
7
votes
3 answers

The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it

We're using an AWS ELB to do SSL termination and are having an issue where Chrome is displaying "https" in red with a strikethrough. It says "The site is using outdated security settings that may prevent future versions of Chrome from being able to…
Brad Dwyer
  • 263
  • 3
  • 8
7
votes
2 answers

Dovecot Certificate Authentication

After implementing certificate authentication on Nginx web server, I would like to do the same on Dovecot mail server. The idea is to create your own CA and manage certificates (both issuing and revoking). To verify the client certificate you need…
Daniel Iancu
  • 171
  • 1
  • 5
7
votes
1 answer

Replace wildcard certificate on multiple sites at once (using command line) on IIS 7.5

I have 3 websites: aaa.my-domain.com, bbb.my-domain.com and ccc.my-domain.com all using a single wildcard certificate *.my-domain.com on IIS 7.5 Windows Server 2008R2 64-bit. That certificate expires in a month and I have a new wildcard certificate…
Chris
  • 498
  • 6
  • 14
7
votes
3 answers

How can I get an OID for a certificate template?

I'm using C# (or VBScript) to issue a certificate from an Enterprise CA. According to this answer, I need to specify the OID instead of the certificate name, and place it in an unexpected portion of code. (IMHO I should place it where the null…
makerofthings7
  • 8,911
  • 34
  • 121
  • 197
7
votes
3 answers

Windows 2012R2 seems to automatically download and install intermediate root certificates

Whilst preparing a new Windows 2012R2 server for production I needed to install a (GlobalSign Domain) SSL certificate for the website powering our application. I did this by generating a certificate request, submitting to GlobalSign, then completing…
Kev
  • 7,877
  • 18
  • 81
  • 108
7
votes
2 answers

How to find out if an OpenSSL certificate was created by a certain private key?

I have an OpenSSl certificate. I also need the private key. I was told it is located somewhere on the server, and true enough, I found multiple SSL key files. Before I try them all by brute force: Is there a way I can find out on terminal if a…
k0pernikus
  • 4,170
  • 4
  • 17
  • 17
7
votes
2 answers

How to find out which server generated a CSR

I sent a client a CSR a few months ago and now they finally sent me back the CA response. However, there are multiple Windows 2008R2 servers and I don't remember which one I used to generate the CSR and, therefore, I don't know which server contains…
blizz
  • 1,134
  • 1
  • 26
  • 47
1 2 3
99 100