Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol but can also be used for other protocols and applications.

7024 questions
19 votes, 1 answer

"server certificate verification OK" but "ALPN, server did not agree to a protocol"

I am making a curl call curl -v ... https://... and the verbose output contains .... * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK .... * ALPN, server did not agree…
Craig Hicks
19 votes, 5 answers

Two Way SSL Error - 400 The SSL certificate error just for client certificate

I am trying to configure two-way SSL with SSL certs (for server and client) signed by Intermediate CAs. This is what I have done so far following this tutorial. Server - nginx application Nginx is configured with SSL certificate (signed by an…
vikas027
19 votes, 3 answers

Why would a hosting provider not allow SSL over port 443?

I am setting up a website and bought the SSL certificate for the domain of the website. When I asked the hosting company why https://www.example.com was refusing connections, they answered that SSL access was configured on port 41696. Of course,…
webtopf
19 votes, 1 answer

How to mitigate POODLE but keep SSLv3 support for old clients

How do I mitigate the POODLE attack, but still keep support for old clients such as IE6 on Windows XP or an e-mail client. I've noticed that Google does this: https://www.ssllabs.com/ssltest/analyze.html?d=mail.google.com I'm using nginx and…
cypres
19 votes, 3 answers

choosing the right SSL certificate

We're looking to purchase some SSL certificates to secure the login pages of ecommerce sites. It is not required to secure the actual payment process as this is protected by a third party with its own verisign certificate. rapidSSL looks like a good…
robjmills
19 votes, 2 answers

Does it matter where the CSR and key files for SSL certification are generated?

I have to create a CSR for a wildcard SSL certificate. Some FAQs from SSL providers say that I should generate the CSR file on the machine where I want to install the certificate? My understanding is that it should not matter where I generate the…
Jan Deinhard
19 votes, 2 answers

Does reissuing an SSL certificate invalidate the previously-issued certificate?

I used the "reissue certificate" functionality at an SSL certificate vendor (RapidSSL, FWIW) to get a new certificate - in doing so, I created and used a new private key and pass phrase. Will the re-issuance of this certificate cause the…
Cooper
19 votes, 3 answers

SSH over HTTPS with proxytunnel and nginx

I'm trying to set up an ssh over https connection using nginx. I haven't found any working examples, so any help would be appreciated! ~$ cat .ssh/config Host example.net Hostname example.net ProtocolKeepAlives 30 DynamicForward 8118 …
Thermionix
18 votes, 4 answers

HTTPS doesn't work with Safari

I have an EC2 instance with Apache as webserver (and Wildfly as app-server, although I'm not sure it has anything to do with this issue). In front of EC2 I have a load balancer which terminates HTTPS and applies the SSL cert. Both HTTP and HTTPS…
jola
18 votes, 4 answers

Postfix, multi domains and multi certs on one IP

I've a postfix server which has multi domains and I want to have a specific cert per each. My server has only one IP. I've found a solution with multi IP, but without I don't know how to do this. Server : Debian 9 Postfix : 3.1.8
DSX
18 votes, 5 answers

Do any well-known CAs issue Elliptic Curve certificates?

Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from…
erickson
18 votes, 4 answers

Nginx SSL_do_handshake() failed SSL: error:1417D18C:SSL

Today we've installed an SSL certificate (from letsencrypt) on our server which hosts a very busy website. After a few hours we've noticed that some users are getting errors from nginx: 2018/03/28 13:04:48 [crit] 8997#8997: *604175694…
18 votes, 2 answers

Deploying ssl Certificates per site on iis

I currently have several sites deployed on an IIS 8.5 server, each site has its own 80 and 443 binding, I need to have different certificates for each one of the hostnames configured on the machine, however when I want to edit the cert associated to…
Juan Sebastian
18 votes, 1 answer

My certificate issued by StartSSL is not accepted by my clients

I have requested a new class 1 server certificate from StartSSL today and it is working great with Apache and Dovecot + (Thunderbird/Outlook/OpenXChange ), but when I try to connect to the mail server using an Apple client (Mac/iPhone), I get an SSL…
Max
18 votes, 2 answers

How does a web server know which key pair to use for SSL decryption?

It is my understanding that when Apache receives a request to one of the TCP ports it is listening on (e.g. 80, 443), it will decide which host is being requested by looking at the HTTP header Host. The server will then know which virtual host it…
paolo