Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
6 votes, 1 answer

OpenSSL - Add Subject Alternate Name (SAN) when signing with CA

How can I add a Subject Alternate Name when signing a certificate request using OpenSSL (in Windows if that matters)? I've generated a basic certificate signing request (CSR) from the IIS interface. Now, I'd like to add several subject alternate…
6 votes, 1 answer

Check if RHEL certs have been updated

I have a sample .pem file placed in /etc/pki/ca-trust/source/anchors, and I have run update-ca-trust, but I'm not sure how I can check if the command actually worked. I tried to cat /etc/pki/tls/certs/ca-bundle.crt for the contents of my sample .pem…
jackwise
6 votes, 6 answers

Are Extended Validation SSL certificates effective?

Every time an SSL cert comes up for renewal, my provider tries to sell me an Extended Validation certificate. The big difference is the green address bar in Firefox and Safari for quadruple or quintuple the cost. Supposedly, the benefit (and reason…
sh-beta
6 votes, 2 answers

Nginx letsencrypt OCSP stapling

I have set up nginx with SSL and letsencrypt certificates. However, I am unable to get OCSP stapling to work. From what I found on the web, it should work with the following configuration; unfortunately it does not. My nginx vhost looks like…
lockdoc
6 votes, 1 answer

NGINX does not prompt for client ssl certificate

On our setup we want to prompt a user for a client ssl certificate. All certificates are issued by StartSSL. The problem is that even though ssl_verify_client on; is set 'on', the website / browser does not prompt for the certificate. How can I get…
Flatron
6 votes, 3 answers

Can AWS Certificate Manager (ACM) Certificates be used on Elastic Load Balancer Instances in Regions other than us-east-1?

Amazon has recently announced their new AWS Certificate Manager (ACM) service. This looks promising, but it is currently only supported in the us-east-1 region. I have existing resources in the us-west-2 region. Is it possible for me to create a…
6 votes, 2 answers

SSL encryption with CNAME redirect

Here is my current architecture: I have a simple site hosted in the cloud that needs to be served from my company. Thus, mysite.com has a CNAME redirect to 1234.cloud.com. I understand that the SSL certificate needs to be created for…
Johnny D
6 votes, 1 answer

How to extract X.509 certificate from live network traffic automatically on Linux OS

I will appreciate it if someone can point me to how to extract an X.509 certificate from live network traffic automatically during the handshake phase between client and server on Linux OS. A similar question has been asked quite some time back…
Prasanth
6 votes, 3 answers

Make firefox more accepting of self-signed SSL certs

Is there any plugin or setting for Firefox that can simplify the invalid SSL certificate process to a single click, or even not put up any errors and just display a warning indicator? Working on a dev network using self-signed certificates for…
DrStalker
6 votes, 2 answers

Wildcard certificates with short hostnames?

I'm trying to generate a certificate with the following subjectAltName: hostname *.hostname hostname.mydomain.local *.hostname.mydomain.local I generate the CSR via OpenSSL and then get the certificate from Microsoft Active Directory Certificate…
Jakov Sosic
6 votes, 1 answer

Can I use both RSA and ECC certificates in apache?

If I simply use "SSLCertificateFile" and "SSLCertificateKeyFile" twice, the certificate chain is broken for the first one. Can I use both RSA and ECC certificates which are issued from different intermediate CA certificates? ================== Update:…
lizitian
6 votes, 1 answer

The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) Firefox

A website wants to switch an SSL certificate from Network Solutions to Gandi. Everything seemed to be installed correctly except that there is an error being thrown in Firefox only. On Chrome and IE, there are no errors being thrown. It appears that…
jiminy
6 votes, 1 answer

What SSL Certificate works WITHOUT an intermediate certificate?

We have a need to deploy a server app that has its own SSL certificate built in. This will get rolled to an unknown number of servers, that will go up and down. We can generate this certificate using any CA, but in the end, we will just have the 509…
Jonesome Reinstate Monica
6 votes, 2 answers

I can't upload server certificate on AWS IAM

I got AWS iam working on my server, and trying to upload some certificates: aws iam upload-server-certificate --server-certificate-name domain2014 --certificate-body file:///var/www/html/certificate.pem --private-key…
6 votes, 6 answers

ssl_crtd helpers are crashing too rapidly in squid

I am using the sslBump and Dynamic SSL Certificate Generation features of squid, below is my configuration for the sslBump sslcrtd_program /usr/lib64/squid/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 5 sslproxy_cert_error…
krupal