Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol but can also be used for other protocols and applications.

7024 questions
31 votes, 1 answer

Which permissions should I set to dhparam.pem?

I am generating Diffie-Hellman parameters for the ssl_dhparam directive in the SSL configuration of nginx. The file dhparam.pem is created with the command openssl dhparam 2048 -check -out dhparam.pem. Which permissions should I set to this file? Is…
Eric Bréchemier
31 votes, 1 answer

How can I let nginx log the used SSL/TLS protocol and ciphersuite?

My goal is to ensure proper security for clients connecting to my nginx. I'm following Mozilla's guide to configure TLS properly on my nginx installation, but I don't have an overview of the actual protocols/ciphersuites being used in practice. What…
gertvdijk
30 votes, 1 answer

HTTP over port 443 vs HTTPS over port 80

What is the difference between http://serverfault.com:443 and https://serverfault.com:80 Which one is more secure theoretically?
mohsinulhaq
30 votes, 6 answers

Can OpenSSL be used to debug an SSL connection to a MySQL server?

I want my webserver to speak to the MySQL database server over an SSL connection. The Webserver runs CentOS5, the Database Server runs FreeBSD. The certificates are provided by an intermediate CA DigiCert. MySQL should be using ssl, according to…
Stefan Lasiewski
29 votes, 1 answer

What does "tlsv1 alert unknown ca" mean?

I am trying to do a curl request using a client certificate like so: curl -E my.pem https://some.site And I get the following error message: curl: (35) error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca What does this mean? Is…
grasevski
29 votes, 3 answers

Do I need a separate SSL certificate for a DNS redirect?

I am implementing a multi-tenant application where my application hosts and serves technical documentation for a tenant's product. Now, the approach that I was considering was - I host the documentation at docs..mycompany.com and ask my…
29 votes, 5 answers

Is a Self Signed SSL Certificate a False Sense of Security?

Is a Self Signed SSL certificate a false sense of security? If you are being eavesdropped, the user will simply accept the certificate like he/she always does.
Andre
28 votes, 2 answers

Curl: unable to get local issuer certificate. How to debug?

I’ve got an odd problem. Updated my LAMP dev machine (Debian) to PHP 7. Afterwards I cannot connect to a specific TLS encrypted API via Curl anymore. The SSL cert in question is signed by thawte. curl https://example.com gives me curl: (60) SSL…
Rob
28 votes, 4 answers

How do I check if my SSL certificates have been revoked

The recent discovery of the heartbleed vulnerability has prompted certificate authorities to re-issue certificates. I have two certificates that were generated before the heartbleed vulnerability was discovered. After the SSL issuer told me to…
sridhar pandurangiah
28 votes, 4 answers

Why wget doesn't verify SSL certificates?

I have a problem with my Fedora 8 installation. It looks like wget doesn't know how to verify SSL certificates any more. It's strange because I have another Fedora 8 box which I believe has the same configuration and it works! How can I make it…
tomazy
27 votes, 2 answers

Nginx: force SSL on one path, non-SSL on others

How do I set up Nginx conf file to force SSL on only one of the paths in my site and non-SSL on all the rest? For example, I want all of the URLs under /user to be https but all the rest of the URLs to be http. For the first part I have: rewrite…
pbreitenbach
27 votes, 1 answer

Import .pem into IIS 7

I was given two .pem files to import. I did not generate these files. Can I import them into IIS 7 or do they have to be converted into another format? I know that IIS likes .pfx - can .pem's be converted if necessary? Any help is greatly…
divided
26 votes, 2 answers

Can a server certificate expire after its issuer?

Most if not all server certificates that I work with expire before its issuer, but is it possible for a server certificate to expire after its issuer and does this apply to an intermediate certificate as well (expire after the root certificate)? If…
Tumelo Galenos
26 votes, 2 answers

Retrieving an RSA key from a running instance of Apache?

I created an RSA keypair for an SSL certificate and stored the private key in /etc/ssl/private/server.key. Unfortunately this was the only copy of the private key that I had. Then I accidentally overwrote the file on disk (yes, I know). Apache is…
Nathan Osman
26 votes, 4 answers

What is the difference between SFTP port 22 or port 990?

I know that explicit "negotiated" FTPS is preferred, because it still uses the standard port 21 with that method but in regards to "implicit" non-negotiated FTPS using a standard port of 990 vs. port 22 (which I have seen some people describe), why…
djangofan