Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol, but can also be used for other protocols and applications.

7024 questions
3
votes
3 answers

Does Chrome support X509v3 Permitted Name Constraints?

I'm trying to set permitted name constraints on a private CA certificate. For example, I have the following constraints on my root certificate X509v3 Name Constraints: critical Permitted: DNS:.mytestdomain.local …
ceezy
3
votes
0 answers

mysqlx reported: failed at ssl configuration

I have MySQL 8 with the mysqlx plugin enabled running on a standalone server that will never allow access to 3306 from outside the instance and have no worries about security within the instance. I do not want the overhead of SSL connections for…
oucil
3
votes
1 answer

SonarQube add corporate root CA

Good day everyone! I have a simple problem, yet I am not able to fix it. Maybe I just need more coffee... Most probably... Anyway... I am using the official Docker images for SonarQube and need to connect Sonar to my auth server. That auth server can be…
yield
3
votes
1 answer

How to create an SSL certificate for an AWS application load balancer without a domain

I am trying to create a Cloudformation stack that can be provisioned by anybody (basically I want to share it either in the marketplace, or make it public in GitHub), which includes a set of EC2 instances behind an ALB (no autoscaling, but rather a…
3
votes
2 answers

Cannot enable TLSv1 and TLSv1.1 on Nginx and CentOS 7

I need to enable TLSv1 and TLSv1.1 for backward compatibility. This is my setup. >>> nginx -V nginx version: nginx/1.16.1 (packages.exove.com: SSE2, openssl-1.1.1d, PCRE JIT, TCP Fast Open) built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC) built…
yooneskh
2
votes
1 answer

WildFly sending private key instead of certificate

I'm trying to configure a WildFly server running in Docker to use SSL: created a private key: keytool -genkey -alias axcelpk -keyalg RSA -keystore server.keystore -keysize 2048 -validity 1825 created a CSR: keytool -certreq -alias axcelPK -keystore…
2
votes
2 answers

Adding cipher suites to nginx config the right way

I need to add ssl_ciphers in my nginx config. According to https://wiki.mozilla.org/Security/Server_Side_TLS the following are recommended cipher suites (with intermediate compatibility): Cipher suites (TLS 1.3):…
Hassan Baig
2
votes
1 answer

VSFTPD: 500 OOPS: unrecognised variable in config file: ssl_tlsv1_1

I am trying to set up FTPS on my AWS Linux server using VSFTPD. I have made FTP work already. Subsequently, I have followed the instructions found in various places on the Internet to enable SSL. However, when I try to restart vsftpd I get this…
mb87
2
votes
1 answer

How to avoid downtime during MySQL RDS SSL Certs rotation

If you've received the following email from AWS: Update Your Amazon RDS SSL/TLS Certificates by February 5, 2020, you're probably aware that the SSL certs rotation procedure will cause an outage even for Amazon…
2
votes
2 answers

How do you disable TLS 1.0 for a specific website in IIS 7?

Everything I can find on disabling TLS 1.0/1.1 and SSL 3.0 involves editing the registry to disable it at the server level. Unfortunately our website communicates with a vendor application that still requires TLS 1.1, and disabling it at the server…
CodeRedick
2
votes
1 answer

Make NGINX verify upstream SSL certificate against a custom domain?

I have a custom-managed domain when inside my corporate's intranet it resolves to an internal gateway machine, and when outside the intranet it resolves to Cloudflare. There's a website we want to provide access to both the intranet and the…
iBug
2
votes
2 answers

Are SHA-1 client certificates unsupported in W10 Edge/IE11?

I'm aware that SHA-1 server certificates that chain to Root CA certificates within Microsoft's Trusted Programme are unsupported by Edge and IE11 on Windows 10, as of a couple of years ago. We have an IIS web farm hosting our ASP.NET systems. The…
Lee
2
votes
0 answers

NGINX reverse proxy multiple custom SSL ports

EDIT: After the comments, more reading and several rounds with good colleagues we've come to the conclusion that as long as we do not have control over the back-end server, the usage of custom SSL ports will be impossible since we cannot instruct…
OnkelJ
2
votes
1 answer

Update Amazon RDS Certificate SSL Issue with MySQL Lambda

Like many people, I have updated my Amazon RDS Certificate to CA_2019 from CA_2015. At first everything seemed fine, but later on checking I noticed the MySQL Lambda function which I wrote to query the database is not working anymore. Lambda is using…
2
votes
1 answer

Run 2 SSL servers on 1 Debian Pi, both FQDNs, 1 Nginx 1 Apache, wrong certificate, is this SNI issue?

I'm forced to use Nginx on a.ddns.net and Apache for b.ddns.net (reverse proxy solution too tricky due to established setups). Real server names edited but both verified as resolving to same IP and SSL certs verified with OpenSSL. Existing setups…
awsbarker