Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl-certificate]

SSL certificates are used to encrypt and authenticate connections to network servers, most popularly for web servers but also email, file transfers, and other network connections.

SSL (Secure Sockets Layer) is a protocol that is used to encrypt and authenticate connections between clients and servers. Certificates are configured on the server so that the client can verify that the connection has not been hijacked, as well as verify that the connection is secure from end to end.

3250 questions
13
votes
2 answers

Cost of getting in-house certificate authority trusted

My company has an in-house certificate authority that is currently self-signed. Since we want to start using it for external SSL and secure email to our customers, we need to get it trusted. Does anyone have a ballpark as to what it costs to get…
James Jones
  • 551
  • 2
  • 7
  • 15
13
votes
4 answers

Is there a difference between a self-signed certificate and one signed by your own CA?

We need to use SSL on our internal network for a few sensitive applications, and I need to know if there is a difference between a self signed certificate and one signed by a Windows Server CA that we setup? Do we need to setup a CA?
Max Schmeling
  • 849
  • 3
  • 10
  • 19
12
votes
3 answers

Old ssl cert still showing up in browser after installing new

We have an IIS ARR server which load balances out to two different individual IIS servers. The servers in question are our internal Staging servers. Three months ago I created a free Let's Encrypt SSL Cert to use on these servers. As is the case…
Casey Crookston
  • 363
  • 1
  • 3
  • 15
12
votes
4 answers

Set up certs for multiple domains in Postfix and Dovecot

I don't know how to set up main.conf postfix config file and 10-ssl.conf dovecot config files in order to make my mail server capable to handle with multiple certificates. Let me explain... I have two domains at the same server,…
p0lo
  • 121
  • 1
  • 1
  • 3
12
votes
4 answers

Apache: Validate SSL chain of trust to prevent MITM-attacks?

I just realized that SSL man-in-the-middle attacks are far more common than I thought, especially in corporate environments. I've heard about and seen myself several enterprises which have a transparent SSL proxy server in place. All clients are…
Aileron79
  • 259
  • 1
  • 7
12
votes
2 answers

Should a root certificate be included in a CA bundle?

I recently visited the Qualys SSL Server Test to confirm that a Namecheap certificate was installed properly. Everything looked fine except for one chain issue ("Contains anchor"): It seems that I should be able to resolve this issue by removing…
Chris Frederick
  • 271
  • 3
  • 9
12
votes
4 answers

How can an SSL certificate work for some clients only?

My hosting provider has recently re-issued and re-installed an SSL certificate for my domain, after they let the old one expire by mistake. I am now able to browse the website over HTTPS again, and so is my host, and so are a number of other…
Fabien Snauwaert
  • 251
  • 2
  • 3
  • 9
12
votes
6 answers

Using client certificates with wget

I cannot get wget to use the client certificates. The documentation speaks about using the --certificate flag. The use of the certificate flag is clear, I set it to use the PEM version of the client certificate. But when I connect I get the…
Doc
12
votes
2 answers

Can you get an Extended Validation SSL certificate that applies to unlimited subdomains?

Can you get an Extended Validation SSL certificate that applies to unlimited subdomains? Does it make technical sense? I'm using Digicert and they said that it wasn't possible to offer such a product.
MikeN
  • 8,442
  • 5
  • 23
  • 18
12
votes
3 answers

Apache reverse proxy config with SSL for Jenkins and Sonar

I am running two services behind an Apache server: Jenkins (Port 8080) and SonarQube (Port 9000). My apache config looks like this: ServerName server Redirect permanent / https://server.domain.com/
friederbluemle
  • 223
  • 1
  • 2
  • 7
12
votes
2 answers

SSL Certificate management with Powershell DSC

I have a third-party issued certificate that I need to ensure is running on all targets in a given domain. Is there a way to ensure this certificate is installed by way of DSC?
omencat
  • 225
  • 2
  • 8
12
votes
3 answers

Enabling SHA2 Certificate Support on Windows Server 2003

A little background information first. I have an SSIS package that runs inside a Windows Server 2003 SP2 32 bit environment. The package recently started failing with the following error during a script task which downloads a webpage using an SSL…
grin0048
  • 223
  • 1
  • 2
  • 5
12
votes
3 answers

SNI and wildcard SSL certificates on the same server with IIS

I'd like to host a website that should listen to subdomains (e.g. sub.domain.com) together with multiple websites that live just under a second-level domain (e.g. domain2.com, domain3.com) with IIS and with SSL. For the website with the subdomains I…
Piedone
  • 385
  • 1
  • 6
  • 18
12
votes
3 answers

Why issue a SSL certificate that expires in 2037?

In Firefox, if I view the Verisign Universal Root Certificate Authority, I notice that it expires in 2037. (Settings tab -> advanced -> view certificates -> VeriSign Universal Root Certification Authority -> View.) Why does it have a lifetime of 23…
user3298687
  • 131
  • 1
  • 3
12
votes
2 answers

Which FQDN hostname to use for SSL certificate signing request- when using a CNAME record?

We have a subdomain (https://portal.company.com) that is the alias for a different hostname (defined in a CNAME record). This dynamic DNS hostname (https://portal.dlinkddns.com) resolves to the public (dynamic) IP address of our office. At the…
Austin ''Danger'' Powers
  • 1,180
  • 6
  • 21
  • 51
1 2 3
99 100