Questions tagged [x509]

X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).

107 questions

2 votes, 1 answer

Limiting power of a trusted certificate

I am creating a site with my own CA and signing client certs with it. The clients will need to add my CA as a trusted source, but for security reasons I don't want them to blindly trust everything that could be signed with the CA key, so I want to…
user1156544

2 votes, 0 answers

OpenSSL - Create Cross Intermediate Certificate from 2 Root CAs

Good evening all, I have 2 servers running in different datacenters which are both connected using OpenVPN. Both servers have their own ca-server that is able to sign new certificates using an intermediate certificate, which are currently signed by an…
Genpc

2 votes, 3 answers

Forwarding logs from rsyslog to graylog over tls

I'm trying to forward logs from rsyslog to graylog over tls. rsyslog configuration: # make gtls driver the default $DefaultNetstreamDriver gtls # # # certificate files $DefaultNetstreamDriverCAFile…
Zombaya

2 votes, 0 answers

Trust certificate for OCSP, but not for client certs?

According to the nginx docs, you can specify certificates to be trusted for both OCSP response and client certificate verification: ssl_trusted_certificate / ssl_client_certificate Specifies a file with trusted CA certificates in the PEM format…
dst

2 votes, 0 answers

Tomcat 7: how to log x509 cert dn with AccessLogValve

I have Tomcat7 running on RHEL6 with mutual authentication using x509 certificates for the entire container. From the user point of view in the browser, everything seems to work fine with a cert challenge. This is on an intranet with a proxy. My…
user330855

2 votes, 2 answers

DER encoded hash

According to the manpage of stunnel4 the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert (the first 4 bytes of the MD5 hash in least significant byte order). How can…
exeral

2 votes, 1 answer

Why can't I enter a PEM Pass Phrase in the prompt?

I am trying to install an SSL certificate on my WAMP server. W:\wamp\bin\apache\apache2.2.22\bin>echo %OPENSSL_CONF% w:\wamp\bin\apache\apache2.2.22\conf\openssl.cnf W:\wamp\bin\apache\apache2.2.22\bin>openssl req -x509 -new -out my.root.ca.crt…
ShoeLace1291

2 votes, 1 answer

Alternatives to a Trusted Root certificate

Given an SSL-protected site that was formerly whitelisted (Allow from x.x.x.x etc), and a requirement from a customer to change the way authentication works, to use X.509 HTTPS Client verification. The problem with this is that none of "the…
Tom O'Connor

2 votes, 2 answers

Can you re-use a SSL certificate across platforms?

Let's say I want to buy a wildcard SSL that I can use for web servers, spanning across a multitude of different servers and platforms. I could issue a CSR for each and every one of them, with their own private-public key pairs, but would it be…
jishi

2 votes, 2 answers

x509 Authentication for SSL IRC

Does anyone know if it's possible to do client authentication with x509 signed certificates on any IRCd server? We'd like to set up a work irc server (yes, that's really what we want), but it'd be a bugger to have it inside our VPN. We know we can…
Tom O'Connor

2 votes, 1 answer

How to setup a reverse proxy to enable HTTP access with basic authentication to an internal HTTPS server that requires a certificate

We have an internal server that requires x509-based authentication, but I've been requested to open it up with a basic user/password authentication. I've been trying to set up a reverse proxy in Apache that uses a trusted certificate to connect to…
RogerFC

2 votes, 4 answers

Is there a provider that offers free SSL certificates that don't give a warning in Firefox 4?

I am looking to install SSL certificates for frequently used https services. I used to use StartSSL for this, but they "temporarily" stopped offering their services. I wonder if there are any other providers that offer similar services? I am aware I…
ujjain

2 votes, 1 answer

REMOTE_USER = SSL_CLIENT_S_DN_CN under x509 with +FakeBasicAuth in Apache. Is it possible?

Hi, I'm trying to incorporate a software into our intranet services (BackupPc). This software uses the environment variable REMOTE_USER to get the username. Placed under an Apache 2.2 server with Client certificate Authentication system and…
theist

2 votes, 1 answer

Client-side certificates (Apache, Linux, OpenSSL)

My company purchased a wildcard certificate from a vendor. This certificate was successfully configured with Apache 2.2 to secure a subdomain. Everything on the SSL side works. Now I'm required to generate x509 client-side certificates to issue for…
walshms

2 votes, 2 answers

Can I restrict SSL access to Tomcat by Extended Key Usage?

I'd like to restrict the SSL access to a Tomcat instance using certificates, and not relying on any "user" accounts. I have a CA which is being used to sign the certificates, but if I configure Tomcat to trust the CA then it will trust anyone…
Zac Thompson