Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
16
votes
2 answers

Can MS Certificate Services be a Subordinate to CA created with OpenSSL

I want to setup a enterprise certification authority for my domain. So I can issue certificates for various purposes. I would like to follow the best practice of having an offline CA as the root, and setup my enterprise CA as a subordinate. But…
Zoredache
  • 130,897
  • 41
  • 276
  • 420
15
votes
1 answer

Nginx client cert verification: ssl_client_certificate vs ssl_trusted_certificate

The documentation for ssl_client_certificate says: Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled. The list of certificates will be sent to clients.…
jshort
  • 251
  • 1
  • 2
  • 6
15
votes
1 answer

How to configure nginx + ssl with an encrypted key in .pem format

I would like to set up ssl for an existing nginx server. I got handed both a certificate and the corresponding (encrypted) private key. Both are in .pem format (each in its own file). About all tutorials (e.g. 1) I found assume a key in the .key…
Zappl
  • 151
  • 1
  • 1
  • 3
15
votes
1 answer

How can I create a PKCS12 File using OpenSSL (self signed certs)

I have a bit9 server, and I'm fairly new to the environment, as well as certs. The area to upload the cert says "Import Server Certificate From PKCS12 File" I'm going to just use a self signed cert (I'm hoping it's ok with that), and I'm running…
trueCamelType
  • 1,086
  • 5
  • 20
  • 42
15
votes
2 answers

Is this SSL certificate chain broken and how to fix it?

For the SSL cert on the domain example.com, some tests tell me that the chain is incomplete and since Firefox keeps its own certificate store, it might fail on Mozilla (1, 2, 3). Others tell me it is fine, as does Firefox 36, which tells me that the…
Gaia
  • 1,855
  • 5
  • 34
  • 60
15
votes
2 answers

Purchase new SSL Certificate before existing one expires

I am currently transferring a new customer onto my virtual private server from their old host. They have an existing SSL certificate but it expires next month so I don't think it is worth the hassle of getting the details from the old host. Would…
jx12345
  • 265
  • 2
  • 9
15
votes
3 answers

Why does Android Chrome say my site's security certificate is not trusted?

My site is https://blendbee.com. It's using a PositiveSSL certificate that is valid. In Windows 8 Chrome the certificate is fine (green lock in top left corner). But...on my Android, it's not so fine. Screenshot: …
Kane
  • 262
  • 1
  • 2
  • 10
15
votes
3 answers

SSLCertificateChainFile Deprecation Warning on Apache 2.4.8+

We have an SSL Certificate for our website from Network Solutions. After upgrading Apache/OpenSSL to version 2.4.9, I now get the following warning when starting HTTPD: AH02559: The SSLCertificateChainFile directive (/etc/httpd/conf.d/ssl.conf:105)…
DOOManiac
  • 791
  • 6
  • 12
  • 26
15
votes
1 answer

How does this kind of SSL work?

"Issued to" and "Domain Name" doesn't match but still valid and accepted by all major browsers without any warning. While previewing my blog post in Blogger, I noticed that my blog was previewed via SSL. When I checked the certificate information, I…
user213598
15
votes
2 answers

nginx reverse ssl proxy with multiple subdomains

I'm trying to locate a high level configuration example for my current situation. We have a wildcard SSL certificate for multiple subdomains which are on several internal IIS servers. site1.example.com (X.X.X.194) ->…
BrianM
  • 185
  • 1
  • 2
  • 8
15
votes
4 answers

How to set up my own full-featured certificate authority?

I'd like to set up a certificate authority, which I can then import to all the company's browsers and systems to get rid of all those nasty client warnings when using HTTPS or SSL.
Ivan
  • 3,398
  • 19
  • 50
  • 71
14
votes
3 answers

Install AWS SSL Certificate to EC2 instance without load balancer

I'm new with AWS and facing some confusion with ACM SSL certificate installation to an EC2 instance. Is it possible to install the certificate without using ELB or Cloudfront. I don't need load balancer because the app is running on a single…
kevenlolo
  • 143
  • 1
  • 1
  • 5
14
votes
1 answer

Re-issuing self-signed root CA without invalidating certificates signed by it

I created a self-signed root Certificate Authority for a few internal services in our company, which I configured myself (mostly served over HTTPS). Then I created certificates for those services, signed with this CA. Now I want to add an x509…
AngerySysadmin
  • 143
  • 1
  • 8
14
votes
1 answer

Why did the format of nginx $ssl_client_i_dn suddenly change?

We are using client side certificates for authenticating one of our customers. Our setup is this: We have nginx in front of a Django application. In our nginx config, we have the required parameters to get the actual client-side-certificate…
Patrik Stenmark
  • 143
  • 1
  • 4
14
votes
1 answer

What happens when an SSL certificate is cancelled?

We are currently using an standard SSL certificate for a domain say example.com hosted on 300 servers. When someone request https://example.com, one of the server serves the request. Now, we want to upgrade our SSL certificate from Standard to one…
Kartik
  • 267
  • 2
  • 9
1 2 3
99 100