Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
38
votes
2 answers

nginx permission denied to certificate files for ssl configuration

I'm installing an nginx ssl proxy on my Fedora server. I've created a cert and key pair under /etc/nginx. They look like this: ls -l /etc/nginx/ total 84 ... -rw-r--r--. 1 root root 1346 Sep 20 12:11 demo.crt -rw-r--r--. 1 root root 1679 Sep 20…
numb3rs1x
  • 513
  • 1
  • 4
  • 6
36
votes
3 answers

Moving servers and IPs will change. Do SSL certificates need to be re-issued and installed?

We are moving servers to another facility with different block of IP addresses. Will we need to get new SSL certificates issued and installed once the move has taken place? If so, is there any way to get prepared for this before the server is moved…
dmr83457
  • 727
  • 3
  • 9
  • 20
35
votes
4 answers

How to make Firefox trust system CA certificates?

Our network admin recently enabled HTTPS inspection on our firewall/router. For IE users this is fine because the certs have all been distributed via Active Directory for domain-joined machines. However, we have a number of Firefox users that are…
Wes Sayeed
  • 1,902
  • 6
  • 28
  • 43
35
votes
2 answers

Can I build my own Extended Validation SSL certificate?

I can create by own CA and generate a self signed SSL certificate this way. But what does it take to make the browser show the certificate as being an "Extended Validation SSL certificate" ? Can I create one myself and teach my browser to show it as…
Niels Basjes
  • 2,196
  • 3
  • 19
  • 26
35
votes
2 answers

Details on exact expiration datetime of an SSL certificate?

Let's say we have an SSL certificate for a site. According to a web browser, the certificate expires tomorrow, Dec 10 2011. OK, but that glosses over time zones. When will it expire, exactly? 00:00 local time of the server (e.g. ET) 00:00 local…
Greg Hendershott
  • 816
  • 1
  • 8
  • 12
35
votes
2 answers

Save Remote SSL Certificate via Linux Command Line

Can you think of any linux command-line method for saving the certificate presented by a HTTPS server? Something along the lines of having curl/wget/openssl make a SSL connection and save the cert rather than the HTTP response content. The gui…
Jim
34
votes
1 answer

Trusting an untrustworthy CA - Can I restrict how system trusts it?

(Posted to ServerFault instead of StackOverflow because I feel it concerns OS configuration more than programming code). I'm currently responsible for maintaining a system which connects to a third-party webservice. This webservice requires client…
Dai
  • 2,290
  • 8
  • 27
  • 43
34
votes
4 answers

How to generate .key and .crt file from JKS file for httpd apache server

I have the mycert.jks file only. Now i need to extract and generate .key and .crt file and use it in apache httpd server. SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key…
Sohan
  • 759
  • 1
  • 6
  • 12
34
votes
1 answer

Certificate does not have a name

I've installed an SSL certificate in IIS, however the 'Name' column is showing as blank even though I entered a friendly name. Is there any way to fix this?
Jonathan
  • 1,309
  • 2
  • 22
  • 29
33
votes
4 answers

Is the alert “SSL3_READ_BYTES:sslv3 alert bad certificate” indicating that the SSL failed

While running the below command openssl s_client -host example.xyz -port 9093 I get the following error: 139810559764296:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1259:SSL alert number…
kris433
  • 433
  • 1
  • 4
  • 5
33
votes
4 answers

How do I know if *.pem is password protected using ssh-keygen?

I have got a file myfile-privkey.pem. How do I check if the private key file is password protected using ssh-keygen?
Wojtek
  • 465
  • 1
  • 4
  • 6
33
votes
2 answers

How can I work around problems with certificate configuration in Remote Desktop Services?

I am setting up a Remote Desktop Services farm, and am having trouble configuring certificates for it to use. A demonstration of the problem I'm seeing can be found in Step #4. At this point I am convinced that there are problems with the user…
Michael Steele
  • 530
  • 1
  • 4
  • 12
32
votes
7 answers

Redirect non-www to www over SSL with Nginx

I'm having an error when trying to redirect https://example.com to https://www.example.com. When I go to https://example.com, it doesn't redirect and returns the page/200 status. I don't want this, I want it to redirect to…
Thomas V.
  • 2,071
  • 2
  • 17
  • 13
30
votes
1 answer

openssl keeps giving me "unknown option" errors

I'm trying to create an SSL cert for the first time. I have no idea how this works and am simply following some instructions provided to me. first command works fine: openssl genrsa -des3 -out privkey.key 2048 then the second command is giving me…
PetroleumJelliffe
  • 413
  • 1
  • 4
  • 5
29
votes
1 answer

What does "tlsv1 alert unknown ca" mean?

I am trying to do a curl request using a client certificate like so: curl -E my.pem https://some.site And I get the following error message: curl: (35) error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca What does this mean? Is…
grasevski
  • 401
  • 1
  • 4
  • 5
1 2
3
99 100