Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
18
votes
5 answers

Do any well-known CAs issue Elliptic Curve certificates?

Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from…
erickson
  • 291
  • 1
  • 3
  • 10
18
votes
4 answers

Nginx SSL_do_handshake() failed SSL: error:1417D18C:SSL

Today we've installed a SSL certificate (from letsencrypt) on our server which hosts a very busy website. After a few hours we've noticed that we have some users are getting errors from nginx: 2018/03/28 13:04:48 [crit] 8997#8997: *604175694…
user1518820
  • 181
  • 1
  • 1
  • 3
18
votes
2 answers

Deploying ssl Certificates per site on iis

I currently have several sites deployed on an iis 8.5 server, each site has its own 80 and 443 binding, i need to have different certificates for each one of the hostnames configured on the machine, however when i want to edit the cert associated to…
Juan Sebastian
  • 1,233
  • 3
  • 10
  • 13
18
votes
2 answers

How to specify a client certificate to psql?

I have a Postgres server with a user dev which requires a client certificate to log in. I'm using the command psql "sslmode=require user=dev host=db.prod", which gives me psql: FATAL: connection requires a valid client certificate. I know where the…
Jorn
  • 501
  • 1
  • 4
  • 14
18
votes
3 answers

Apache seems to be using old expired certificate even though new one is installed

Apache 2.2.3/mod_ssl/CentOS 5.5 VPS Our certificate expired on 2011-10-06, and even though we have seemingly installed the new one correctly, browsing to the site still shows an expired certificate! I've tried deleting my browser cache and using…
Jordan Rieger
  • 388
  • 1
  • 6
  • 18
17
votes
1 answer

Why is my SSL certificate untrusted on Android?

The SSL certificate is trusted on most Desktop computers, but only some Android devices. However, even on Android devices where the certificate is untrusted, the root certificate is installed. I must have tried a hundered ways of resolving this…
magnus
  • 291
  • 1
  • 2
  • 7
17
votes
2 answers

OCSP validation - unable to get local issuer certificate

I'm new to setup SSL from the scratch and did my first steps. I bought a SSL cert from RapidSSL for my domain and followed there steps to install the cert. In general the cert is valid and working on my webserver(nginx v1.4.6 - Ubuntu 14.04.1 LTS),…
kapale
  • 405
  • 1
  • 3
  • 8
17
votes
3 answers

IIS 7.5 Creating self signed certificates with validation date of more than a year

I am creating self-signed SSL certificates in IIS 7.5 for internal use. The problem I have is that I want to create them so that they last for 10 years as it is only a dev environment. I can't see an option in IIS 7.5 where you can specify a the…
user1153199
  • 311
  • 1
  • 2
  • 5
17
votes
4 answers

SSL certificate selection based on host-header: is it possible?

Is it possible for a web server to select an SSL certificate to use based on the host-header of the incoming connection, or is that information that is only available after the SSL connection is established? That is, can my webserver listed on port…
DrStalker
  • 6,946
  • 24
  • 79
  • 107
17
votes
2 answers

Does issuing an SSL certificate at a new company immediately invalidate the certificates on our servers?

We have a wildcard certificate issued by GoDaddy coming up for renewal, and I would like to use a different company (which is yet to be chosen). The wildcard certificate is on use at a dozen sites across a few servers. There will be a gap of a few…
royappa
  • 297
  • 2
  • 9
16
votes
5 answers

Let's Encrypt SSL Certificate File Not Found Error, but still working

I'm running SSL Certificates from Let's Encrypt. I've got them installed on my Ubuntu machine running Apache. The setup works fine and I can launch the website, see the green padlock and even got an A+ on SSL Labs. The problem is that when I do…
jarvis
  • 2,006
  • 4
  • 18
  • 31
16
votes
1 answer

PEM File "CERTIFICATE" vs "PUBLIC KEY"

I have a PEM file that looks like: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- which I can convert to another PEM file using: openssl x509 -in key.crt -pubkey -noout. The new PEM file now looks like: -----BEGIN PUBLIC…
Alex Rothberg
  • 481
  • 2
  • 4
  • 8
16
votes
3 answers

Understanding the output of openssl s_client

Ever since our email provider changed their SSL certificate, a POP3 client based on mono refuses to connect to their secure POP server to download emails. Other clients do not have an issue; e.g. Thunderbird and Outlook; neither does most SSL…
jobu1324
  • 485
  • 4
  • 9
  • 17
16
votes
2 answers

Multiple SSL vhosts using wildcard certificate in nginx

I have two hostnames sharing the same domain name which I want to serve over HTTPs. I've got a wildcard-SSL certificate and created two vhost configs: Host A listen 127.0.0.1:443 ssl; server_name a.example.com; root …
user99559
16
votes
4 answers

Postfix "warning: cannot get RSA private key from file"

I just followed this tutorial to set up a postfix mailserver with dovecot and mysql as backend for virtual users. Now I got the most parts working, I can connect to POP3(S) and IMAP(S). Using echo TEST-MAIL | mail myaccount@hotmail.com works fine,…
phew
  • 263
  • 1
  • 2
  • 6
1 2 3
99 100