Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
23
votes
2 answers

Nginx verifying client certs only on a particular location

We use Nginx as a reverse proxy to our web application server. Nginx handles our SSL and such but otherwise just acts as a reverse proxy. We want to require a valid client cert for requests to /jsonrpc but not require them anywhere else. The best…
Eli Courtwright
  • 449
  • 1
  • 5
  • 14
22
votes
6 answers

Nginx. How do I reject request to unlisted ssl virtual server?

I have a wildcard SSL certificate and several subdomains on the same ip. Now I want my nginx to handle only mentioned server names and drop connection for others so that it'd look like nginx is not running for unlisted server names (not responding,…
andbi
  • 343
  • 1
  • 3
  • 9
22
votes
4 answers

How to create an SSL certificate for more than one subdomain?

I'm running a server "myserver.net", which has the subdomains "a.myserver.net" and "b.myserver.net". When creating (self-signed) SSL certificates, I have to create one for every subdomain, containing the FQDN, even though those subdomains are just…
polemon
  • 585
  • 2
  • 8
  • 21
22
votes
6 answers

Client on Debian 9 erroneously reports expired certificate for letsencrypt-issued domain

If I try to access our HTTPS server that has certbot-issued certificate from debian 9, I get the following error: # curl -v https://hu.dbpedia.org/ * Trying 195.111.2.82... * TCP_NODELAY set * Connected to hu.dbpedia.org (195.111.2.82) port…
P.Péter
  • 569
  • 2
  • 6
  • 24
21
votes
3 answers

Chrome reports ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY connecting to local web server over HTTPS

Summary Chrome is reporting ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY when I try and connect to my local web server over HTTPS. I am almost certain this problem has to do with my recent Windows 10 upgrade, but I don't know how to fix it. What…
NathanAldenSr
  • 365
  • 1
  • 2
  • 10
21
votes
5 answers

Listing domains on a UCC/SAN SSL Certificate

Is there a way to list all domains on an SAN/UCC SSL Certificate (ideally using command line on linux/os x)? Clearly there must be some way to extract the data, since browsers can do it. Unfortunately, I can see the list but can't cut and paste it.
Jordan Reiter
  • 1,290
  • 4
  • 20
  • 40
21
votes
6 answers

certutil: function failed: security library: bad database

when I'm using certutil it returns this error: certutil: function failed: security library: bad database. e.g. I can't list certs or keys How Can I fix this?
Zim3r
  • 1,454
  • 5
  • 24
  • 45
20
votes
3 answers

Some systems cannot connect to ldap via ldaps, but others can, is it the wildcard cert?

When trying to make ldaps connections to my Novel eDirectory 8.8 server, sometimes I have to put TLS_REQCERT never in the client servers ldap.conf file. Obviously, this is a bad idea. The command I run is something like this with credentials that…
David R.
  • 627
  • 3
  • 6
  • 18
20
votes
3 answers

Cant connect to mysql using self signed SSL certificate

After creating a self-signed SSL certificate, I have configured my remote MySQL server to use them (and SSL is enabled) I ssh into my remote server, and try connecting to its own mysqld using SSL (MySQL server is 5.5.25).. mysql -u -p --ssl=1…
carpii
  • 541
  • 2
  • 4
  • 12
20
votes
3 answers

SSL Certificate Class 2 vs Class 3 vs Class 4

I just got a "Premium EV SSL Certificate" form GoDaddy.com. Apparently as of 8 months ago GoDaddy doesn't provide Class 3 Certificates. (http://support.godaddy.com/groups/go-daddy-customers/forum/topic/what-class-is-my-cert/) They also metntioned…
jneff
  • 235
  • 1
  • 3
  • 7
19
votes
5 answers

How to install Certbot on Amazon Linux EC2

I have an Amazon EC2 box. I have installed Apache, MariaDb and PHP on it. Among other things, I want to host a couple of WordPress websites on the EC2. How do I go about installing Certbot on Amazon Linux so that I may issue SSL certificates for the…
J86
  • 401
  • 3
  • 8
  • 15
19
votes
5 answers

Two Way SSL Error - 400 The SSL certificate error just for client certificate

I am trying to configure two-way SSL with SSL certs (for server and client) signed by Intermediate CAs. This is what I have done so far following this tutorial. Server - nginx application Nginx is configured with SSL certificate (signed by an…
vikas027
  • 1,189
  • 2
  • 11
  • 15
19
votes
3 answers

choosing the right SSL certificate

We're looking to purchase some SSL certificates to secure the login pages of ecommerce sites. It is not required to secure the actual payment process as this is protected by a third party with its own verisign certificate. rapidSSL looks like a good…
robjmills
  • 990
  • 9
  • 26
19
votes
2 answers

Does it matter where the CSR and key files for SSL certification are generated?

I have to create a CSR for a wildcard SSL certificate. Some FAQs from SSL providers say that I should generate the CSR file on the machine where I want to install the certificate? My understanding is that it should not matter where I generate the…
Jan Deinhard
  • 2,383
  • 5
  • 26
  • 33
18
votes
4 answers

Postfix, multi domains and multi certs on one IP

I've a postfix server which has multi domains and I want to have a specific cert per each. My server has only one IP. I've found a solution with multi IP, but without I don't know how to do this. Server : Debian 9 Postfix : 3.1.8
DSX
  • 385
  • 1
  • 4
  • 18
1 2 3
99 100