Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor - TLS - is primarily used to encrypt the connection between two applications at the presentation layer. It is most often used to secure websites in the form of HTTPS protocol but can also be used for other protocols and applications.

7024 questions
17
votes
2 answers

Connecting to MySQL securely - MySQL's SSL vs Stunnel vs SSH Tunneling

We have a PHP application which connects to a MySQL server, and we wish to secure connections between the web & application servers and the database. At peak times, the web servers make many hundreds of concurrent connections to the database, and…
dastra
  • 305
  • 2
  • 5
17
votes
4 answers

SSL certificate selection based on host-header: is it possible?

Is it possible for a web server to select an SSL certificate to use based on the host-header of the incoming connection, or is that information that is only available after the SSL connection is established? That is, can my webserver listed on port…
DrStalker
  • 6,946
  • 24
  • 79
  • 107
17
votes
4 answers

IIS7: How to import public key and private key as two seperate files?

We have a client who is directing their traffic to our web servers and needs us to use their wildcard SSL certificate. They gave it to me in two pieces though, one is the public key (.cer) and another file containing the private key (.key). I can't…
James Alexander
  • 292
  • 2
  • 3
  • 9
16
votes
5 answers

HSTS on Amazon CloudFront from S3 origin

Is it possible to set HSTS headers on an Amazon CloudFront distribution from a S3 origin?
chrisvdb
  • 1,279
  • 2
  • 12
  • 15
16
votes
5 answers

Let's Encrypt SSL Certificate File Not Found Error, but still working

I'm running SSL Certificates from Let's Encrypt. I've got them installed on my Ubuntu machine running Apache. The setup works fine and I can launch the website, see the green padlock and even got an A+ on SSL Labs. The problem is that when I do…
jarvis
  • 2,006
  • 4
  • 18
  • 31
16
votes
3 answers

Why is Internet Explorer 11 unable to connect to HTTPS sites when TLS 1.2 is enabled?

Normally I don't use Internet Explorer at all. I use it only in design time for interface tests (development machine and with unencrypted http). Every week I run the SSL Labs server test which says IE11 is able to access my sites. Today I discovered…
burnersk
  • 2,056
  • 5
  • 27
  • 39
16
votes
4 answers

How do I specify subjectAltName in the openssl cli?

I'm generating a self-signed SSL cert: $ openssl req -x509 -newkey rsa:2048 -subj 'CN=example.com' I'd like to specify a subjectAltName also at creation time, but I cannot find info in the openssl manpage on how to do this.
Travis J Webb
  • 278
  • 1
  • 2
  • 7
16
votes
1 answer

Apache Bench: SSL handshake failing directly related to concurrency level

I ran some tests on ab and when I use a concurrency level of over 155 I get the following: SSL handshake failed (5). SSL handshake failed (5). SSL handshake failed (5). SSL handshake failed (5). SSL handshake failed (5). SSL handshake failed…
C_B
  • 263
  • 1
  • 2
  • 6
16
votes
3 answers

How can I use https with AWS Cloudfront without paying $600 to upload my cert?

I can host a dynamic website through Amazon CloudFront because they have CNAME Wildcard Support. However, some pages of my Site use HTTPS. Amazon have some documentation about how to associate your SSL certificate with a CloudFront distribution but…
Tom
  • 4,277
  • 11
  • 42
  • 52
16
votes
2 answers

Multiple SSL vhosts using wildcard certificate in nginx

I have two hostnames sharing the same domain name which I want to serve over HTTPs. I've got a wildcard-SSL certificate and created two vhost configs: Host A listen 127.0.0.1:443 ssl; server_name a.example.com; root …
user99559
16
votes
5 answers

Can I use the same wildcard certification for *.domain.com and domain.com

You can make an SSL certificate by using *.domain.com as the name. But unfortunately, this doesn't cover https://domain.com Is there any fix for this?
Unknown
  • 1,685
  • 6
  • 20
  • 27
15
votes
1 answer

Nginx client cert verification: ssl_client_certificate vs ssl_trusted_certificate

The documentation for ssl_client_certificate says: Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled. The list of certificates will be sent to clients.…
jshort
  • 251
  • 1
  • 2
  • 6
15
votes
1 answer

How to configure nginx + ssl with an encrypted key in .pem format

I would like to set up ssl for an existing nginx server. I got handed both a certificate and the corresponding (encrypted) private key. Both are in .pem format (each in its own file). About all tutorials (e.g. 1) I found assume a key in the .key…
Zappl
  • 151
  • 1
  • 1
  • 3
15
votes
2 answers

SSL not working with Apache on Windows

I are using a product from a vendor that has to use Apache on Windows. We have our own CA. For naming purposes: AppServer - Server2012r2 - Apache 2.4 OldCertsha1 - Server2012r2 NewCertsha2 - Server2012r2 I created the CSR on the AppServer using the…
Anthony Fornito
  • 9,546
  • 1
  • 34
  • 124
15
votes
1 answer

Disable SSL check rpm

When trying to run any rpm command I get the follow error. I am not sure why i am getting a curl error but i have tried many different options which have all failed. Running CentOS7 and behind a proxy [root@CentOS7]# rpm -Uvh…
Anthony Fornito
  • 9,546
  • 1
  • 34
  • 124
1 2 3
99 100