X.509 is an ITU-T standard commonly used for public key infrastructure (PKI) and for privilege management infrastructure (PMI).
X.509 is an ITU-T standard for privilege management infrastructure (PMI) and a public key infrastructure (PKI).
Questions tagged [x509]
107 questions
2
votes
1 answer
Finding out if a certificate is due for renewal without triggering the actual renewal with Certbot
I am trying to use Certbot to allow for semi-automated certificate updates. I don't want fully-automated updates to avoid automatic certificate replacements that could interrupt business and ensure that a sentient administrator is available when the…
aef
- 1,745
- 4
- 25
- 43
2
votes
1 answer
Why OCSP stapling on NGINX for "buypass" DV certs fails without explicit root declaration?
tl;dr
For buypass DV certs fetched by certbot I need to explicitly tell NGINX to trust buypass root cert to enable OCSP stapling. This is not the case for Let's Encrypt certificates and I cannot figure out why. I have found a way (see bellow) which…
Yan Foto
- 131
- 6
2
votes
1 answer
How to make Certbot respect Debian standards for certificate deployment?
Certbot seems to manage X.509 certificates and private keys in its own directory structure in /etc/letsencrypt.
On Debian-based systems (including Ubuntu, Linux Mint and others) X.509 certificates are classically stored in /etc/ssl/certs and private…
aef
- 1,745
- 4
- 25
- 43
1
vote
2 answers
Exchange 2013 clients receive error 500 or unable to send mails
We have windows 2012R2 with Exchange 2013, we had public ssl certificate that was used both for external and internal users. We decided to not renew certificate and sign a new one with our domain controller CA.I followed this article to configure…
Никита
- 11
- 4
1
vote
1 answer
Unable to load certificate key C:apache-tomcat-8.5.38conf/abc.key (error:0909006C:PEM routines:get_name:no start line)
Need help on below error: Just added a new certificate and copied key , chain and crt to /conf. after starting the tomcat getting below error.
I read in blog that needs to add native="false" in subsystem , may i know whee that needs to be…
Ahemad Ali
- 11
- 2
1
vote
0 answers
How does certutil determine that a cert is revoked
I'm testing that an x509 certificate can be correctly determined to be revoked. I'm taking the cert from https://revoked.badssl.com and verifying it via certutil. When my system is online, it seems to pull the CRL and determine that it is revoked. I…
Stealth Rabbi
- 111
- 4
1
vote
1 answer
Authenticate to LXD rest API over network , certificate auth keeps failing
I am trying to access LXD REST API over the Network.
Followed : Link to Doc.
lxc config set core.https_address "[::]:8443"
lxc config set core.trust_password
curl -s -k --cert ~/.config/lxc/client.crt --key…
Maharshi Raval
- 63
- 2
- 8
1
vote
1 answer
Block Subject Alternative Names in ADCS
I am managing a Windows 2008 ADCS CA and have been aware of the security risks in issuing certificates with SANs. So I tested issuing a PKCS10 file with SANs in the request and it issued the certificate with the SANs when it's supposed to be…
JuanKB1024
- 133
- 1
- 2
- 7
1
vote
1 answer
How can I select a certificate from a PEM file with multiple certificates?
Background info: I am working on an OS X server, and I need to use certificates from the key chain with openssl smime in order to encrypt messages in a bash script. In order to do so, I use the security find-certificate with the -e option to extract…
not2savvy
- 206
- 1
- 10
1
vote
1 answer
Google App Engine The SSL certificate provided could not be inserted. xn- domain
I try installing Comodo Certificate that I ordered in SSLs.com on Google App Engine Custom Domain. But I have error:
The SSL certificate provided could not be inserted.
I checked that my key is 2048-bit length:
# openssl rsa -in myserver2.key.pem…
Aleksey Popryadukhin
- 111
- 4
1
vote
1 answer
How to get Subject from client certificate issued as a claim in ADFS?
I'm using Certificate Based Authentication in ADFS 3.0 and need to get the Subject field from the client certificate issued as a claim, but it's not available as an incoming claim to ADFS.
When I enable auditing I can see that it's present in the…
Amethi
- 123
- 6
1
vote
3 answers
Can one domain have 2 or more SSL certificates?
I have googled and found this post: https://security.stackexchange.com/questions/46988/is-it-technically-possible-to-configure-two-different-ssl-certificates-for-the-s
If it actually is possible, then what stops me, say from getting an SSL…
Round Potato
- 29
- 1
- 2
1
vote
1 answer
Error 207: ERR_CERT_INVALID
I'm trying to make it so people can create a private key via the browser via the element and then after have it so that an X.509 cert is sent to them that's then installed into the browser. But I can't seem to get it to…
neubert
- 317
- 8
- 26
1
vote
1 answer
Can OpenDirectory on OS X reasonably be configured to use an intermediate CA cert from an existing CA?
We're trying to set up OpenDirectory. It seems to want to create its own CA, and then an intermediate CA with a certificate signed by its own CA. I'd prefer to generate an intermediate CA certificate from our existing internal CA and have it use…
Nick Phillips
- 51
- 5
1
vote
0 answers
apache/mod_gnutls ssl certificate based authentication
I'm using apache with gnutls. I've configured both to request authentication from the client.
When providing the certificate it works. But it works also if I provide another that the correct certificate. That means, if I use the one which is signed…
meme
- 43
- 4